The Facebook login doesn't work anymore since I upgraded the Firebase app to the new Console (only)

Question

I had a working app with Facebook & Email Login feature, since I upgrade the Firebase console (only, the sdk has not been update).

The app release before the Firebase 3.0 was working before, but it is not anymore able to sign/log with Facebook after the console has been upgraded.

What I have done:

1 - Upgraded the Firebase console

Because of Firebase & Facebook console update, I also had to put the Oauth Callback to the Facebook App

2 - Pasted the Firebase Facebook OAuth Callback to the Facebook console (before it was void) `https://xxx.firebaseapp.com/__/auth/handler``

The Exception:

The firebase Auth listener trigger a Firebase Error :

Invalid authentication credentials provided. and Facebook : {"providerErrorInfo":{"code":400,"message":"Unsuccessful debug_token response from Facebook: {\"error\":{\"message\":\"(#100) You must provide an app access token or a user access token that is an owner or developer of the app\",\"type\":\"OAuthException\",\"code\":100,\"fbtrace_id\":\"DG4lLRJHFBS\"}}"}}

The FirebaseError Code:

In the decompiled code of the FirebaseAndroidSdk, the error object is:

0 = {java.util.LinkedHashMap$LinkedEntry@22680} "code" -> "INVALID_CREDENTIALS"

1 = {java.util.LinkedHashMap$LinkedEntry@22681} "message" -> "Invalid authentication credentials provided."

2 = {java.util.LinkedHashMap$LinkedEntry@22682} "details" -> "{"providerErrorInfo":{"code":400,"message":"Unsuccessful debug_token response from Facebook: {\"error\":{\"message\":\"(#100) You must provide an app access token or a user access token that is an owner or developer of the app\",\"type\":\"OAuthException\",\"code\":100,\"fbtrace_id\":\"BtB3JF2qmku\"}}"}}"

with the decompiled code:

private void makeAuthenticationRequest(String urlPath, Map<String, String> params, AuthResultHandler handler) {
    final AuthenticationManager.AuthAttempt attempt = this.newAuthAttempt(handler);
    this.makeRequest(urlPath, HttpRequestType.GET, params, Collections.emptyMap(), new RequestHandler() {
        public void onResult(Map<String, Object> result) {
            Object errorResponse = result.get("error");
            String token = (String)Utilities.getOrNull(result, "token", String.class);
            if(errorResponse == null && token != null) {
                if(!AuthenticationManager.this.attemptHasBeenPreempted(attempt)) {
                    AuthenticationManager.this.authWithCredential(token, result, attempt);
                }
            } else {
                FirebaseError error = AuthenticationManager.this.decodeErrorResponse(errorResponse);
                AuthenticationManager.this.fireAuthErrorIfNotPreempted(error, attempt);
            }

        }

        public void onError(IOException e) {
            FirebaseError error = new FirebaseError(-24, "There was an exception while connecting to the authentication server: " + e.getLocalizedMessage());
            AuthenticationManager.this.fireAuthErrorIfNotPreempted(error, attempt);
        }
    });
}

At AuthListener level, the firebaseError code : -20

https://www.firebase.com/docs/java-api/javadoc/com/firebase/client/FirebaseError.html

The specified authentication credentials are invalid.

The Facebook Error Code:

code 400

Nothing relevant found here : https://developers.facebook.com/docs/graph-api/using-graph-api/#errors

The code for Authing:

    public void authWithFirebase(final String provider, Map<String, String> options) {
        if (options.containsKey(AUTH_OPTIONS_ERROR)) {
            EventBus.getDefault().post(new MessageToDisplayEvent(options.get(AUTH_OPTIONS_ERROR), true));
        } else {
            if (provider.equalsIgnoreCase(AUTH_PROVIDER_TWITTER)) {
                // if the provider is twitter, we must pass in additional options, so use the options endpoint
                ref.authWithOAuthToken(provider, options, new AuthResultHandler(provider));
            } else {
                // if the provider is not twitter, we just need to pass in the oauth_token
                ref.authWithOAuthToken(provider, options.get(AUTH_OPTIONS_TOKEN), new AuthResultHandler(provider));
            }
        }
    }

TOKEN Validity:

From the code above, the Token is confirmed valid since :

https://graph.facebook.com/app?access_token=%7Byour_access_token%7D return a valid JSON

And the Facebook Tool AccessToken https://developers.facebook.com/tools/debug/accesstoken return a still valid TOKEN

What changed from user point of view:

Now, When I click on the FacebookLoginButton, I have a new dialog that ask "connection as %FacebookUserName", with 2 buttons ("Unconnect" & "Cancel")

I posted a bug report at Firebase, but I even do not know if this is Facebook or Firebase, any help, advise for exploring new issue surface or solution is welcome.

Answer 1

In Facebook Developper Console, switch-off the option about the "app key that is integrated in the client".

For me this changed the behavior. I will give more information as far I get from Firebase/Facebook

Here is a screenshot to help you setting up Facebook: