Description
New Feature / Enhancement Checklist
- Report security issues confidentially.
- Any contribution is under this license.
- Before posting search existing issues.
Current Limitation
Due to Apple's ATT requirements, the "normal" Facebook Login requires a user to allow app tracking. For users who do not allow app tracking, Facebook Limited Login must be used instead, which uses JWT for authentication. Parse Server currently only supports the token provided by "normal" Facebook Login. It does not support the token generated by Limited Login.
This is an urgent issue, because:
- The majority of users does not allow app tracking, so developers must often fall back to Limited Login.
- The Facebook SDKs <= 16 are rejected by AppStore review because they lack the privacy manifest file. The Facebook SDK 17 automatically prohibits "normal" Login and requires Limited Login if the user has not allowed app tracking.
That means that Parse Server (and possibly the Parse Apple SDK) currently do not support Facebook auth when submitting a new app or an app update to the AppStore with Facebook SDK 17.
See parse-community/Parse-SDK-iOS-OSX#1787
Feature / Enhancement Description
Extend the Facebook auth adapter, so that it supports JWT auth from Facebook Limited Login. Ideally, no change will be required on the Parse Apple SDK side.
Alternatives / Workarounds
Unknown.