What Is the Expected Behaviour of Facebook Login

What is the expected behaviour of Facebook login?

It silently log the user in without getting out of the app. For that you can check the current user's permissions.

This might help you:

Controlling Login dialogs

The Facebook SDK automatically selects the optimal login dialog flow based on the account settings and capabilities of a person's device. This is the default sequence that the Facebook SDK implements:

1. Facebook App Native Login Dialog
2. Facebook App Web Login Dialog
3. Mobile Safari Login Dialog
4. If the Facebook account is not set up, the Facebook SDK checks to see if the Facebook app is installed on the device. If the Facebook app is installed, the Facebook app native login dialog is presented if it's supported. If the Facebook app native login dialog can't be displayed because there's an old version of the app, the Facebook app web login dialog is presented. If the Facebook app isn't installed, mobile Safari is launched to display the Mobile Safari login dialog.

Here are the screenshots of code

Logged out from facebook.com too while logging out from the site using fb login

This is expected behaviour. Calling the logout function will log you out from both Facebook and your site. This is also true for the JavaScript SDK.

If you just want to log the user out of your site, destroy the session (session_destroy()) and delete the cookie set by Facebook on your site.

For your account security, logging into Facebook from an embedded browser is disabled. Download and log into the Facebook app on your device

It's expected behaviour - it was deprecated last year according to this article. You should migrate your app to CustomTabs.

Beginning October 5, 2021, Facebook Login will no longer support using Android embedded browsers (WebViews) for logging in users.

Facebook social login shows conflicting information AND javascript SDK is buggy?

You will still be able to use HTTP with “localhost” addresses, but
only while your app is still in development mode.

The above quote comes from facebook staff from a blog post at
https://developers.facebook.com/blog/post/2018/06/08/enforce-https-facebook-login/

I was relying on it to be truthful, but apparently IT SHOULD NOT BE TRUSTED and is the cause of the weird behaviour documented in my question.

As soon as I started using HTTPS ( https://localhost ), the sdk library behaves better:

• initial status is now "connected"
• callback still fires twice, but both times status is "connected"

A new error message appears in-between the firing twice callbacks:

You are overriding current access token, that means some other app is
expecting different access token and you will probably break things.
Please consider passing access_token directly to API parameters
instead of overriding the global settings.

I tweaked the code slightly, thinking this would fix the firing twice problem:

//check if user is logged in... - AFTER facebook Login Popup returns.
function callback_afterLogin(response) {
    //REMOVED FB.getLoginStatus call, added `response` parm to callback signature
    console.log('callback_afterLogin:', response );
}

BUT it did not make a difference, still fires twice in succession, with error message in between. Please post your solution if you know why it fires twice.

ALSO NOTE the .toLowerCase() error remains, under certain conditions.

---

Related Topics