This is a question to other members of the Auth0 community who are in a similar situation. We have invested in the development of a hybrid mobile app using Auth0 to provide authentication via several SNS including Facebook. We are about to submit our notes for permissions review.
Our setup uses Ionic / Cordova & Angular. But the question is equally valid to React developers I believe.
Facebook has recently updated its requirements with regards to mobile apps. This is very concerning since we, and I imagine many other hybrid mobile developers such as those using React (itself developed by Facebook!), are not using the Facebook SDK. It says:
Mobile apps (iOS, Android, and Windows) must use the latest Facebook SDK.
The language used seems quite strong given the MUST statement. However, a few paragraphs below it reads:
All iOS and Android apps should use our SDKs for iOS and Android for requesting permissions.
If Facebook rejects a non-native login flow (with their new permissions review) for any hybrid mobile app which does not use the Facebook SDK, such as anyone developing with Auth0 in a hybrid context, then Auth0 should put a massive disclaimer.