This document has been updated.
The translation to Chinese (Taiwan) is not yet complete.
English updated: May 1
Chinese (Taiwan) updated: June 8, 2022

Limited Login FAQ

In response to the upcoming changes to ATT enforcement, we made changes to the iOS SDK and the SDK no longer provides valid user access tokens in scenarios where the user opts out of ATT. The access token validation or Graph API requests may throw errors like OAuthException - “Invalid OAuth access token - Cannot parse access token”. Our recommendation is that users integrate Limited Login following the official documentation:

When users opt out of ATT, all Facebook Login traffic will be performed on the Limited Login domain. Limited Login does not support business permissions. Our recommendation is that developers integrate Limited Login following the official documentation. See limited login supported permissions in this document.

When users opt out of ATT, all Facebook Login traffic will be performed on the Limited Login domain via the in-app browser. Limited Login does not support fast app switch (that is, redirecting to the Facebook app to log in). See the limitations section of the Limited Login for iOS document.

We made changes both to the iOS SDK and our core login systems to support the privacy manifest requirements based on the upcoming App Tracking Transparency enforcement so that iOS users who have opted out of ATT are able to use FBLogin. As a result, we do not plan to release the privacy manifest as part of a minor update.

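Your user will be authenticated and the shared instance of the authentication token will be populated. Additional information from the authentication call will be used to populate basic fields in the shared user profile instance.

Because there is no access token, Graph requests will fail. To obtain an access token, either reuse the classic login method (which defaults tracking to enabled) or call FBSDKLoginManager logInFromViewController:configuration:completion: with a configuration that specifies that tracking is enabled. Note that doing so means the user is tracked.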

To access the Graph API, you need an access token. Either reuse the classic login method (defaults tracking to enabled), or call FBSDKLoginManager logInFromViewController:configuration:completion: with a configuration that specifies that tracking is enabled. This will allow you to obtain an access token that can be used for Graph API calls. Be aware that when you do this, users are tracked. Be aware that Limited Login safeguards are not supported in this context.

When you use Limited Login to request user_friends from a user, we provide you with a list of app scoped IDs (ASIDs) associated with the friends of the authorizing user, if the friends have also granted your app the user_friends permission. Depending on how you have implemented Limited Login, some of the ASIDs on this list may represent other users that have connected to your app using Limited Login. To ensure that Limited Login safeguards are maintained for such users, do not make Graph API calls using their ASIDs. Instead, continue to rely on Limited Login for these users.

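Yes. There are two new public properties:

  • loginTracking, which can be used to get or set the desired tracking preference to use for the login attempt. Defaults to .enabled.

  • nonce, which can be used to get or set an optional nonce to use for the login attempt. A valid nonce must be a non-empty string that contains no whitespace. Note: an invalid nonce cannot be set. In that case, a default unique nonce is used for the login attempt.

From the user's perspective, nothing changes. Internally, the current AuthenticationToken, AccessToken, and Profile are set to nil.

Limited Login is currently not available for tvOS.

No. We have not developed Limited Login for the React Native SDK, because it was discontinued as of version 9.0 of the SDK. For details, see the React Native documentation.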

There is no impact to existing logged-in users from adopting Limited Login in your app. If you would like to take advantage of Limited Login safeguards for existing, logged-in users, you must log them out so they can log back in with Limited Login.

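No. Limited Login is designated as device-specific.

No. fb_login_id will still be present in Limited Login mode. In Limited Login mode, the user access token (a separate entity) is exchanged for an OIDC token.

Limited Login mode supports only the basic profile (name and profile picture) and email permissions. If your app needs business permissions, you cannot use Limited Login to request them. However, your users can grant business permissions through classic login by:

  • Logging in to your app via the web.
  • Logging in to your app on iOS in classic login mode.
  • Logging in to your app on Android.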

Yes, but this will require the use of an app access token to request the token_for_business field on the User node. Limited Login safeguards are not supported in this context. For apps that are associated with your business by means of Business Manager, you can use the app-scoped ID (ASID) included in the OIDC token returned after a successful login to get a unique string for a user. Using your app's app access token, request the token_for_business field on the User node and pass in the user's app-scoped ID. This call returns a string which is the same for this user across all the apps managed by the same Business Manager.

GET /ASID?fields=token_for_business

This returns the values.

{
  "id": "1234567890",
  "token_for_business": "weg23ro87gfewblwjef"
}

Usage notes:

  • The person being queried must have logged into this app.
  • If the owning business changes, the value of token_for_business will also change.
  • If you request the token_for_business field and the app is not associated with a Business Manager, the call returns an error.
  • The value returned by token_for_business is a token, not an ID - it cannot be used directly against the Graph API to access a person's information. You should still store the ID in your database.
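
The token_for_business lookup described above, sketched as server-side Python. This is an added example, not code from the SDK or its documentation. The function names, the assumption that an ASID is a short numeric string, and the sample response bodies are constructed for illustration.

```python
import json
import re
from urllib.error import HTTPError
from urllib.parse import urlencode
from urllib.request import urlopen

GRAPH_HOST = "https://graph.facebook.com"
ASID_RE = re.compile(r"[0-9]{1,32}")  # assumption: ASIDs are short numeric strings

class BusinessTokenError(Exception):
    """The Graph API did not return a usable token_for_business."""

def build_url(asid, app_access_token):
    # Reject anything that is not a plain ASID, so a value taken from a
    # client-supplied login token cannot alter the request path or query.
    if not ASID_RE.fullmatch(asid):
        raise ValueError("ASID must be a numeric string")
    query = urlencode({"fields": "token_for_business",
                       "access_token": app_access_token})
    return f"{GRAPH_HOST}/{asid}?{query}"

def http_get(url):
    try:
        with urlopen(url, timeout=10) as resp:
            return resp.read()
    except HTTPError as exc:  # Graph API errors also carry a JSON body
        return exc.read()

def parse_body(asid, body):
    data = json.loads(body)
    if "error" in data:  # e.g. the app is not associated with a Business Manager
        err = data["error"]
        raise BusinessTokenError(f"{err.get('type')}: {err.get('message')}")
    token = data.get("token_for_business")
    if data.get("id") != asid or not token:
        raise BusinessTokenError("unexpected response shape")
    # Keep both values: the ASID stays the user's ID, while the token only
    # links the same person across apps of one Business Manager.
    return {"asid": asid, "token_for_business": token}

def lookup(asid, app_access_token, fetch=http_get):
    # Run server-side only: the app access token must never ship in the app.
    return parse_body(asid, fetch(build_url(asid, app_access_token)))

# Constructed sample bodies (placeholder values, not real tokens).
SAMPLE_OK = '{"id": "1234567890", "token_for_business": "weg23ro87gfewblwjef"}'
SAMPLE_ERR = '{"error": {"type": "OAuthException", "message": "constructed error"}}'
```

Passing a `fetch` callable lets the parsing and error handling be exercised without network access; the default performs the real GET.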