4.1.0 - facebookConnectPlugin.login uses Limited Login and returns unusable accessToken

[codeconsole]

4.04 works fine, but calling the following

facebookConnectPlugin.login(Array strings of permissions, Function success, Function failure)

goes to limited.facebook.com and results in

{
	status: "connected",
	authResponse: {
		accessToken: "<long string>",
		data_access_expiration_time: "1623680244",
		expiresIn: "5183979",
		userID: "634565435"
	}
}

but the accessToken doesn't seem to be usable on the server side like it was in 4.0.4

1. Did the accessToken change somehow from <= 4.0.4? Is it something different?
2. Why does a limited login window appear with facebookConnectPlugin.login() even though facebookConnectPlugin.loginWithLimitedTracking() is not being used?

[gabrielnicolae3103]

I have the same problem with 4.1.1, logging in on iOS opens up the limited login window.

[gabrielnicolae3103]

Update: the warning appears because I was loggin in with an administrator/test account, it doesn't appear for normal users.

As for limited login, it appears it will redirect to limited.facebook.com automatically if you don't have ATTrackingManager
enabled. facebook/facebook-ios-sdk#2375

[codeconsole]

@gabrielnicolae3103 any idea why the accessToken doesn't work or what it could be used for?

How do you enable ATTrackingManager?

[gabrielnicolae3103]

I don't know why your accessToken is not working, you should check the facebook sdk page for it, there are multiple tokens (client token, app access token etc). There is also a tool where you can see all your tokens.

As for enabling ATTrackingManager, you can read more about it here (I haven't tried it, I just let it work as limited.facebook.com) because I don't need extra informations. https://stackoverflow.com/questions/63587364/how-to-add-the-apptrackingtransparency-permission-to-your-ios-apps

[jasonandress]

I have the same issue. AuthResponse token doesn't work from 4.1.1 downgrading to 4.0.4 it works fine.

More specifically I can call the Graph API to get name and email, etc but I cannot login with the AuthResponse provided.

[codeconsole]

@jasonandress that was exactly my same issue. I just stuck with 4.0.4. I am not sure if anything useful can be done with whatever that token is that is provided with 4.1.1

[codeconsole]

@gabrielnicolae3103 are you sure your accessToken even works?

[pw-repo]

@codeconsole hi, have you resolved the issue with access token?

Is there in this thread who uses 4.1.1 version and everything is ok?

[jasonandress]

Just researched it and my backend version does not support Facebook Limited Login. It returns a different object than the original.

I wonder if there is a setting with 4.1.1 to not user Facebook limited login and use the one that's exposed in 4.0.4. If not I'll stay with 4.0.4

[pw-repo]

@jasonandress @codeconsole @gabrielnicolae3103 @MaximBelov I have researched a lot for the last days and what I found:

1. If ATT is disabled and you use normal login(not limited), Facebook will automatically redirect you to the limited login. In the following ling find ⚠️ WARNING! Important Changes in SDK v17.0 for iOS (plugin version 2.0.0)
   https://pub.dev/packages/flutter_login_facebook/versions/2.0.0

2. Limited Login doesn't use accesstToken. It is use another JWT token, which you need to verify separately at your server(if you use server-based verification). Here is the information about validating this token. https://developers.facebook.com/docs/facebook-login/limited-login/token/validating

So, here is the solution:
facebook/facebook-ios-sdk#2365 (comment)

This flow is not a bug, this is a normal flow, but not very clear and expected.
facebook/facebook-ios-sdk#2375 (comment)