
Facebook login with new Strict mode URL requirements will not work

social-connections
facebook

#1

Facebook has announced that in March, they will require Facebook login apps to provide exact URLs of the redirect URLs:
https://developers.facebook.com/docs/facebook-login/security/#strict_mode

So this has been optional but in March will be required to be “on”. This is a big issue for me, since the redirect URL has the access token #access_token=123456789 - this makes it impossible to put in the exact URL the user will be redirected to upon logging in.

Am I missing something or is this a big problem for Auth0 with Facebook login? What is the fix here to enable Strict Mode to prepare for when Facebook will force this setting?


#2

I was able to find a solution for this, as described in this article:
https://auth0.com/docs/connections/social/facebook

You have to put: https://exampleco-enterprises.auth0.com/login/callback
in the OAuth Redirect field (where exampleco-enterprises.auth0.com is your Auth0 domain). This will work in “strict mode” that Facebook is going to enforce in March.
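
An added example, not part of the original posts and not Auth0 or Facebook code: a sketch of why an exact-match rule and an `#access_token=...` fragment do not conflict. The comparison applies to the `redirect_uri` value that is registered and sent in the request, while the fragment is response data appended afterwards. The function names, the prefix check and the `app.example.com` URL are constructed for illustration.

```javascript
// Registered value: the callback URL from the post above.
// Every other URL in this example is constructed.
const REGISTERED = ["https://exampleco-enterprises.auth0.com/login/callback"];

// Loose matching (hypothetical stand-in for any non-exact check): a prefix
// test accepts anything that merely begins with a registered value.
function matchesLoose(redirectUri, registered = REGISTERED) {
  return registered.some((r) => redirectUri.startsWith(r));
}

// Exact matching: the redirect_uri sent in the authorization request must be
// character-for-character equal to a registered value and carry no fragment.
function matchesStrict(redirectUri, registered = REGISTERED) {
  if (redirectUri.includes("#")) return false;
  return registered.includes(redirectUri);
}

// Split the URL the browser finally lands on into the redirect URI (the part
// that gets registered) and the response parameters carried in the fragment.
function splitLanding(landingUrl) {
  const u = new URL(landingUrl);
  const params = Object.fromEntries(new URLSearchParams(u.hash.slice(1)));
  u.hash = ""; // drops the fragment, including the '#'
  return { redirectUri: u.href, params };
}

// Constructed landing URL using the token value quoted in the first post.
const landing = splitLanding(
  "https://app.example.com/callback#access_token=123456789&token_type=Bearer"
);
console.log(landing.redirectUri); // the value to register, without the fragment
console.log(Object.keys(landing.params)); // response data, never registered

const extra = REGISTERED[0] + "/extra?next=elsewhere";
console.log(matchesLoose(extra), matchesStrict(extra));
console.log(matchesStrict(REGISTERED[0]));
```
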


#4

This is most probably an issue with headers or cookies not being forwarded correctly to the shiny proxy, not an issue with Auth0 but with Cloudflare + the shiny proxy (shiny-auth0). Why do you need a CDN for a shiny server?

I do not understand the logic of why to do that; each time you run a report you’ll be asking for dynamic data, rendering the CDN useless. Assuming you still need it, I do not know the details of how the Cloudflare CDN interacts with the proxy, but I’d try checking the configuration of Cloudflare to see if there’s any pass-through that you can apply to avoid headers/cookies being lost. I know e.g. CloudFront from Amazon has this.

If that doesn’t work, you can try modifying the proxy to make it work. It’s possible you need to capture the variables differently when using the Cloudflare CDN, but I don’t know that really.