Login with Facebook app results in error "API calls from the server require an appsecret_proof argument"

I have followed the steps described here: https://backendless.com/docs/ios/users_facebook_login.html
and have a working Facebook login integration.
Recently some of my iOS users reported a problem with Facebook login and upon investigating it I found a curious case. The steps to reproduce it are:

  1. Delete Safari cache (Settings > General > iPhone Storage > Safari > Website Data > Remove All Website Data). This is needed in order to simulate first time Facebook login
  2. Install Facebook app and log in
  3. Open my app (Help a Paw, App ID: BDCD56B9-351A-E067-FFA4-9EA9CF2F4000)
  4. Go to Login and tap Continue with Facebook
  5. Tap Continue on the dialog that appears
  6. Tap Open on the dialog that appears

    Facebook app opens
  7. Tap Continue

    Help a Paw opens

Expected result:
User is successfully authenticated

Actual result:
Error “API calls from the server require an appsecret_proof argument”

In Facebook’s developer portal I have intentionally enabled “Require App Secret” as a recommended security setting. What is interesting is that if at step 6 the user chooses Cancel and authenticates through the web tab instead (Log In with Phone Number or Email Address)

login is successful!
My code is the same in both cases and can be seen here: https://github.com/HelpAPaw/FriendsInNeed/blob/1e861b49ec3110771e3b8c1b4b553aeb17bb995b/FriendsInNeed/FINLoginVC.m#L167

Am I doing something wrong or is this a bug on your side?

You can use the development branch to test and debug the issue: GitHub - HelpAPaw/FriendsInNeed at development

Note: After the first successful login the workflow changes and user is authenticated without Facebook’s app. I.e. the dialog from step 6 is not shown. That is why step 1 is needed to make the case reproducible every time.

Hello Milen

Unfortunately, currently we do not support $appsecret_proof.
I’ve created an internal ticket BKNDLSS-19554 for discussion, and I believe after that we will add the ticket to our roadmap.
But it may take some time for implementation and testing as well, so for now, if you can, just disable the “Require App Secret” feature on your FB App

We will notify you about any result here in the topic

Regards, Vlad

Oh, I didn’t even suppose it’s not supported as login works through the web tab. Anyway, I will disable the setting for now but hope you implement it soon!