Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support OIDC token in Facebook provider (Facebook Limited Login) #698

Merged
merged 6 commits into from
Apr 15, 2024
Merged

Support OIDC token in Facebook provider (Facebook Limited Login) #698

merged 6 commits into from
Apr 15, 2024

Conversation

gdebrauwer
Copy link
Contributor

@gdebrauwer gdebrauwer commented Apr 12, 2024
edited
Loading

Facebook recently made changes to its Facebook Login on iOS: https://developers.facebook.com/blog/post/2024/03/28/changes-made-to-fb-login-sdk/

When a user does not allow app tracking, the login uses a new 'limited login' flow that returns an OIDC token. This token can not be used to access Facebook's Graph API. That means the current Facebook provider does not work in this 'limited login' flow. Apple requires you to use Facebook's latest SDK version. That SDK version uses this new 'limited login' flow. This makes the current Facebook socialite provider unusable when validating a Facebook login via iOS SDK.

This PR fixes that by adding support for the OIDC token in a way that does not break or impact the regular Facebook login.

I implemented the validation of the OIDC token based on Facebook's documentation: https://developers.facebook.com/docs/facebook-login/limited-login/token/validating

Example of a user returned from the userFromToken() method when an OIDC token was provided:
Screenshot 2024-04-12 at 13 49 59

I did not add tests as I don't really see a way how I can write a test for this.

@driesvints
Copy link
Member

@gdebrauwer tests break here

@driesvints driesvints marked this pull request as draft April 12, 2024 11:59
@gdebrauwer gdebrauwer marked this pull request as ready for review April 12, 2024 12:09
@taylorotwell
Copy link
Member

Code also needs docblocks.

@taylorotwell taylorotwell marked this pull request as draft April 12, 2024 14:04
@gdebrauwer gdebrauwer marked this pull request as ready for review April 12, 2024 14:07
@taylorotwell taylorotwell merged commit a03e9b2 into laravel:5.x Apr 15, 2024
20 checks passed
@driesvints
Copy link
Member

Thanks @gdebrauwer. Do we need a PR to the docs as well for this?

@gdebrauwer gdebrauwer mentioned this pull request Apr 16, 2024
Merged
@gdebrauwer
Copy link
Contributor Author

@driesvints I created a docs PR

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gdebrauwer @driesvints @taylorotwell