Is there any way to turn off the option Use Strict Mode for Redirect URIs in a Facebook app? It seems that as of March 2018 this property automatically is turned on and is greyed out so cannot be disabled. Facebook seems to disallow authentication unless the exact URL is mentioned in Valid OAuth Redirect URIs. This is a problem because the Sitecore Social Connected module seems to pass in a different state parameter in the query string each time you log in. I have tested using the Redirect URI Validator in the Facebook app and this confirms that the redirect must be exactly as per Valid OAuth Redirect URIs.
Is there any way to turn off the option
Use Strict Mode for Redirect URIsin a Facebook app?
Due to the security changes made to Facebook, it's no longer possible to turn off this setting.
Regarding specifics of Sitecore and the Social Connected module, I found from @CBroe's comments that the Valid OAuth Redirect URIs now needs to contain a query string parameter as follows:
http://example.com/layouts/Social/Connector/SocialLogin.ashx?type=access
previously I just had
http://example.com/layouts/Social/Connector/SocialLogin.ashx
If you are using HTTPS, you will need to enter the URI with the port number as well i.e.
https://example.com:443/layouts/Social/Connector/SocialLogin.ashx?type=access
This last point is not related to the recent Facebook app changes.