We have a hybrid mobile app (built using Ionic) that uses Auth0 to manage authentication with, among others, Facebook. The app has been working fine for the last year or so, but we recently received the following warning from Facebook:
In working to create a great Platform experience for everyone, we ask developers to ensure the apps they build comply with our Platform Policies. Your app XXXX (AppId: XXXX) doesn’t comply with the following:
Platform Policy 8.2: Native iOS and Android apps that implement Facebook Login must use our official SDKs for Login.
Please make sure your Android app is using the most recent version of our SDK for Login. You can find more information on our Android SDK for Login and other Login-related products here: https://developers.facebook.com/docs/facebook-login/android.
You can see our visual example for this policy here: https://developers.facebook.com/policy#7-2-photo.
Please make the requested changes by 2019-01-14 at 12:00 PST.
Let us know when you’ve updated your app by replying to this email. If we do not hear back from you, your app will be subject to enforcement. If you have outstanding questions, respond here and we’ll do our best to help.
The whole purpose of using Auth0 is to avoid having to include and manage multiple SDKs for the various login providers. We’re concerned that this new restriction from Facebook means that we will need to rearchitect our authentication flow, possibly removing Auth0 from the mix.
This seems to relate to a previous question, which was more speculative (“what if Facebook enforces this?”), but now we find ourselves faced with a tough decision - remove Facebook altogether, or implement the Facebook SDK in a week…
Do any other Auth0 developers have experience with this sort of issue? Has anyone successfully lobbied Facebook for a “pass”? Is there an easier solution that we’ve not thought about?