I have followed the steps described here: https://backendless.com/docs/ios/users_facebook_login.html
and have a working Facebook login integration.
Recently some of my iOS users reported a problem with Facebook login and upon investigating it I found a curious case. The steps to reproduce it are:
- Delete Safari cache (Settings > General > iPhone Storage > Safari > Website Data > Remove All Website Data). This is needed in order to simulate first time Facebook login
- Install Facebook app and log in
- Open my app (Help a Paw, App ID: BDCD56B9-351A-E067-FFA4-9EA9CF2F4000)
- Go to Login and tap Continue with Facebook
- Tap Continue on the dialog that appears
- Tap Open on the dialog that appears
Facebook app opens
- Tap Continue
Help a Paw opens
User is successfully authenticated
Error “API calls from the server require an appsecret_proof argument”
In Facebook’s developer portal I have intentionally enabled “Require App Secret” as a recommended security setting. What is interesting is that if at step 6 the user chooses Cancel and authenticates through the web tab instead (Log In with Phone Number or Email Address)
My code is the same in both cases and can be seen here: https://github.com/HelpAPaw/FriendsInNeed/blob/1e861b49ec3110771e3b8c1b4b553aeb17bb995b/FriendsInNeed/FINLoginVC.m#L167
Am I doing something wrong or is this a bug on your side?
You can use the development branch to test and debug the issue: https://github.com/HelpAPaw/FriendsInNeed/tree/development
Note: After the first successful login the workflow changes and user is authenticated without Facebook’s app. I.e. the dialog from step 6 is not shown. That is why step 1 is needed to make the case reproducible every time.