Facebook blocks logins for "not using official SDK". How to resolve?

I manage a few apps that use the Facebook login functionality provided through accounts-facebook.

For one app, a week ago, Facebook emailed me saying this app was in violation of their Platform Policy, and that I had to respond to the email to prevent logins from being shut down within a week. Specifically this was the offensive clause:

Platform Policy 8.2: Native iOS and Android apps that implement Facebook Login must use our official SDKs for Login.

I immediately responded, but (of course?) got no response from Facebook. And, today, I got another email saying Facebook logins have been blocked for this app.

I updated to the latest version of accounts-facebook, appealed the block, and got a response:

We have reviewed your iOS and Android apps and they are still in violation of the Platform Policy 8.2: Native iOS and Android apps that implement Facebook Login must use our official SDKs for Login.

So, does this mean that all Meteor apps can get their Facebook login restricted at any time?

Hello @MastaBaba,

I realize that its been a year since you posted this, and you’re the only search result that comes up for this issue.

This is why I have to ask you, did you get any resolution for this from facebook?

What did you end up doing to resolve the violation?

I’m in the same boat here, right now.
Thank you so much!

No, I was not able to resolve this with Facebook. They’re notoriously difficult to work with on issues like this. In this case, they simply never responded to my questions.

I ended up permanently removing the option to login with Facebook.

Just in case, I also posted this issue at the link below, but only got some unhelpful comments:

Hi @gg1meteor1one,
let me help you with that. Where are you with it now? What FB (Meteor) packages are you using for mobile?
Paul

Hi @paulishca

First, thank you.

Using Meteor 1.5, accounts-facebook@1.0.8.

I’m reading a lot fo threads where people try to update Meteor / Packages and are still getting no remorse from facebook.

All help appreciated! Our app is scheduled to be deactivated today.

Thank you

Ok, just to make sure, you need Cordova. Is that right?

Hi @paulishca

Cordova is in use, yes. Looking forward to your help.

Thank you,

Just a short brief:

  1. In Facebook you cannot develop now with live users. If you want to test something you can create another facebook App and in development mode you can create dummy users.
  2. Please use this package: “meteor-facebook-login”: “git+https://github.com/activitree/meteor-facebook-login.git”. I revamped another package and details can be found in the git.
  3. In the Git you will find the exact Cordova plugin you have to use (the “most” official one which includes the latest Facebook Graph SDKs).
  4. These are very new versions of everything so you will probably need to do a “pod install” for Xcode and see if there are any conflicts of packages in Android.
  5. Meteor has a “bug” related to the Facebook Cordova plugin and you cannot re-build Meteor Cordova without deleting all plugins. If you work intensively on this I can tell you how to prevent that by altering a line in the Meteor build sequence until the job is done and eventually you can switch back after.
    I can be your testing user on mobile if you wish.

Your mobile-config.js needs this:

App.configurePlugin('cordova-plugin-facebook4', {
  APP_ID: 'xxxxxxx',
  APP_NAME: 'Appname'
})

your startup / server needs this:

import { Meteor } from 'meteor/meteor'
import { ServiceConfiguration } from 'meteor/service-configuration'
import 'meteor-facebook-login'

Meteor.startup(() => {
  const services = Meteor.settings.private.oAuth
  if (services) {
    for (let service in services) {
      ServiceConfiguration.configurations.upsert({ service: service }, {
        $set: services[service]
      })
    }
  }
})

Your signing function looks like this:

import { FB_API } from 'meteor-facebook-login'

if (Meteor.isCordova) {
      FB_API.login(err => {
        if (err) {
          if (err !== 'User cancelled.') {
            toastr.error('Could not sign in', err)  --- or your logger on user screen if you use one
            console.log(err)
          }
          /*..... is some other error do ....something else */
        } else {
         /* maybe direct to a dashboard, feed, or a ... Mongo delete everything ... :) */
        }
      })
    }

Then you will be probably using an onCreate function for new users. Here is an example of getting the avatar:

 let avatar = null
    let fbi = null

    if (fb) {
      /**
       * I upload to S3 and I don't wait for a response. A little risky...
       */
      put_from_url(`https://graph.facebook.com/${fb.id}/picture?width=500&height=500`, `avatar/${fb.id}.jpg`, (err, res) => {
        if (err) {
          console.log('Could not upload FB photo to S3, ', err)
        } else {
          console.log(res)
        }
      })

      user.profile = extend(user.profile, {
        firstName: fb.first_name,
        lastName: fb.last_name,
        email: fb.email,
        displayName: fb.name,
        gender: startCase(toLower(fb.gender)),
        avatar: `${fb.id}.jpg`
      })
      avatar = `${fb.id}.jpg`
      fbi = fb.id
    }

For the function “put_from_url” you will need to have this after all your imports (and the NPM indeed) or you can choose any other https modality to save it where you want to have it. This is just an example for S3.

const put_from_url = (url, key, callback) => {
  request({
    url: url,
    encoding: null
  }, (err, res, body) => {
    if (err) {
      console.log('Could not request FB or Google photo, ', err)
    } else {
      s3.putObject({
        Bucket: 'your bucket name',
        Key: key,
        ContentType: res.headers['content-type'],
        ContentLength: res.headers['content-length'],
        Expires: new Date('2050/12/20'),
        CacheControl: 'max-age=8460000',
        Body: body // buffer
      }, callback)
    }
  })
}

If you in fact want to save that to S3, I can give you the entire setup and package to do it.

Let me know if and when you need anything.

1 Like

@paulishca Amazing information

However Facebook issued this requirement violation 24h ago and has given until noon today, PST to implement. If I work really fast without too much trouble, Apple will not get around to approving the submission for days. Therefore, I believe it’s guaranteed we lose FB login, unfortunately. And so, we’re working on contingency as of now. But your information is vital for us and other users.

Question: What is @meteor stance on this?

I will keep in touch with you @paulishca.

Considering my post from last year went completely unanswered for 10 months, I’m also curious to hear whether Meteor has a position on this.

That user tag is nothing to do with the Meteor Development Group. I guess that name should have been blocked from general registration :confused:

I see what you mean. Anyway, if you’ve been using anything other than a Cordova specific Meteor Facebook package and only relied on accounts-facebook, we (many of us) knew things were going to stop working.

@paulishca

You’ve been extremely resourceful. Thank you very much. I hope others with this issue take notice and implement your solution while they still have time.

Thank you!