[possible fix found? review appreciated] FB web login issue caused by FB app

Hello,

  • I would like to apologize in advance if this issue was discussed before and I couldn’t find it, due to the fact that English is not my native language I may have phrased my search queries incorrectly. If so, could you link me to the correct thread.
  • All the videos linked are made on a bare-bone application with the code linked at the end.

We are experiencing a problem that affects a noticeable percent of our user base.
When users are requested to log-in on our website they have the option to sign-in using Facebook, which was accomplished with accounts-Facebook.
The issue we are experiencing is connected to the fact that some users that surf from their smart-phones have the Facebook application installed and at some point they allowed 3rd party authorization/authentication to go through the app instead of in the browser. ( “Open with…” and Facebook was selected ).
This causes the app to not recognize the authentication request/response, and throws the following error on the server:

Error: No matching login attempt found 145546287

Is there any way to force the authentication to be through the mobile-browser, or some other fix that will still allow us to use the popup style?

We are using the default pop-up method it opens the application for a second, closes it, and the user remains UN-logged.

One of the suggested fixes I did manage to find stated that I can change authorization style from popup to redirect.

But:

  1. Redirect is not possible because of the way the app is built, the user should be able to log-in without loosing the state of the app. Implementing any session saving is not an option currently, and there is no actual need for it besides the current issue.
  2. When redirect is active, the mobile app still opens to verify the users. but the web flow continues inside Facebook’s own web container instead of going back to the browser.
  3. And after it opens in the webView for some reason we still need to press login again for it to register. nice UX :stuck_out_tongue:

P.S:
If I disable the application on the smartphone, it works correctly.
Playlist of the 3 options tested, popup and redirect with APP and popup without APP

Also here is a link to a gist with the code used for this bare-bones test, the app is minimal, only login/logout button displayed and that’s basically it.

METEOR 1.6.1.1
All other package versions in the gist

Code used in the test app

The login method is maintaining session on its own so that would explain why points 2 and 3 happen. I would check your Facebook settings. In particular see if changing Embedded Browser OAuth Login does anything.
My app just got approved for Facebook login today so I will check if I can investigate that on my own app as well.

Hi,
Thanks for the reply

We have already tested turning “Embedded Browser OAuth Login” on and off, that did not seem to make any difference and the “loginWithFacebook” method still opened the Facebook APP instead of opening a popup in the mobile browser.

Please if possible update on what you find with your application,

I’m adding a possible fix I have found in the next post, if you encounter the same problem see if it helps.

Possible/Temporary fix:
I decided to thoroughly investigate the code behind “accounts-Facebook” and “facebook-oauth” to see if I can learn something from it.
At some point, after I saw that it always returns a https://www.facebook.com/v.... login link, I remembered that when opening facebook on mobile NOT through the app, all the links are “…/m.facebook.com/…”
( yeah, I’m not a big fan of facebook and don’t go there, so it took me a while to realize this )
So what I did was to change line 33 in facebook_client.js from the facebook-oauth meteor package from:

https://www.facebook.com/v3.0/dialog/oauth?client_id=' + config.appId +

To:

'https://' + (mobile ? 'm' : 'www') + '.facebook.com/v3.0/dialog/oauth?client_id=' + config.appId +

the variable mobile being set by the original code to a true if it is on mobile.

Now it seems that if browsing from a mobile browser ( chrome mobile, samsung intenet, opera etc. ) and tapping the login button, it no longer opens the app but the actual in-browser pop-up.

It seems that when a mobile device received the www. it checked if there is anything (app) related to that domain, but when it gets an m. URI it decides that since its a link for mobile there is no need to check anything.
OR
Its just that the Facebook APP doesn’t check for links with m. just with www..
Either way it seem to have solved the problem for now.

Would like to hear anyone thoughts about this!

Thank you.

1 Like

Small update,

After testing on an iPhone, seems like the Facebook app issue is only present on Android phones.

1 Like

I think i’m seeing this issue on iOS when i “Add app to homescreen” …
the app opening up a new browser window, but then after login, the redirect window stays up… the “Click here if it doesn’t redirect” link doesnt go anywhere…

i wonder if this is the same? I can’t check where the link is trying to go