What action should I take in order to ensure Facebook login works after strict URI matching is added?
- Social Login
Facebook has recently announced an important change to the way they are handling redirect URIs. Starting March 19th 2018, all URIs will be handled in 'strict mode'. For Gigya customers who use Facebook as a login provider, this means that the redirect URI defined for the Facebook app in Gigya’s Console must exactly match the redirect URI passed in the login flow.
Gigya has been in contact with Facebook Engineering and are working on an update to address an issue identified with the 'mt' token being created by Gigya, the issue identified is that Gigya passes an 'mt' query parameter as part of the redirect URI, which causes the strict matching to fail. This token will be moved to another parameter recommended by Facebook before the security update. In the meantime clients should make the changes below to their Facebook app settings.
- Login to your Facebook app
- Click Settings under the Facebook Login product
- Change the Valid OAuth redirect URIs to one of the following formats:
Note: For an explanation about data centers, see Gigya’s Developer Guide.