Facebook strict OAuth

Facebook sent me an email saying in 35 days they’re going to lock down Facebook Login so that it’s more restrictive. There are instructions for ensuring the login continues to work here Login Security - Facebook Login - Documentation - Meta for Developers

@emmanuel Will this cause any problems with Bubble?

An alert in my dev settings said that “track-well.com” would be invalidated. I added it to the valid URI list and now that alert isn’t showing.

It will cause issues if you’re doing Facebook login from page with an ID in them (for instance with a current page thing).

Okay, so if it’s a page like https://foo.com/bar it’ll be fine because we can put that into the valid OAuth redirect URI field, but if it’s https://foo.com/bar/123456789 and the number sequence changes it won’t be fine because we can’t put all of the possible combinations into the valid URI field.

Have I got that right?

That’s how I understand it (but haven’t tested)

As an update for the community, we’re working on a way to use a generic redirect URL to avoid issues with Facebook’s changes.


Thanks @emmanuel - looking forward seeing how you guys address this. It would be great to apply the same solution to the google sign on the plugin as well.

glad to see the bubble team is adding this!

@emmanuel The Facebook change is happening in 7 days. Do you guys know if/how you are planning to handle this?

It’s live

1 Like

@emmanuel I just tried signing in using Facebook on my app with some url params & “Use Strict Mode for Redirect URIs” on, and it didn’t work.

Can you provide more details on the changes you guys have made, and the expected behavior?

You need to change the redirect URL in facebook, as explained in the post quoted above.

Didn’t see the quoted post. Just tested it and it works great - THANK YOU!!

@emmanuel you should add this info into your Lesson on adding a facebook signin button on a web app. If I didn’t find your post here I would have been lost.