Facebook Login changes beginning October 5, 2021

[eftas-gka]

Facebook sent the following message on 21.08.2021:

We’ve been monitoring an increase in phishing attempts on Android embedded browsers, also known as WebViews. Because of this, we will no longer support this method of Facebook Login and your users will not be able to log in using Android embedded browsers beginning October 5, 2021. Until then, we will continue to prevent access to Facebook Login on embedded browsers for certain users we deem high-risk in an effort to prevent malicious activity.
To avoid a disrupted user experience, please use the following checklist:

1. Ensure that you have upgraded to version 8.2.0 (or later) of the Facebook SDK for Android. If your app is built to target Android 11 (API level 30) and your users are on Android 11, alternative non-webview login mechanisms provided by the SDK will not work unless you upgrade to or past 8.2.0.
2. Ensure that you are NOT setting LoginBehavior=WEB_VIEW_ONLY.
3. Ensure that your app has configured support for Custom Tabs properly. (Not sure what Custom Tabs are? Check here.) To test this, ensure that you have a browser compatible with Custom Tabs (example browsers that support Custom Tabs include Chrome, Samsung Browser, etc). Next, delete the Facebook app from your device if you have it installed. Finally, login from your app. You should see a window open in the external browser rather than in a native WebDialog.
   If you do not see an external browser launch, follow these instructions:
   Option 1:
   Ensure your app is using version 8.2.0 or later of the Facebook SDK for Android. If so, you should not need to make any modifications to your Android manifest. If you have any items referencing “CustomTabMainActivity” or “CustomTabActivity”, remove them.
   Option 2:
   Configure your Custom Tabs intent filter exactly following the instructions here.
   Try Option 1 first and then use Option 2 if Option 1 does not work after testing. There may be cases where we cannot automatically configure your intent filter because of mismatches between the defined ${applicationId} constant and your package name.
4. If you have already completed steps 1-3 and have released your app to users, users who are on older versions of your application will see an error message when they attempt to login from a webview, prompting them to upgrade to the newest version of your application. If you have mechanisms to force auto-upgrades for existing installations of your application or to prompt your users to upgrade, we encourage you to use them to limit affected users.
5. If your app is used primarily on devices which are unable to host the login experience in an external browser, we encourage you to integrate Device Login as an alternative login mechanism.

How will this effect cordova apps? Will it still be possible to provide a login via Facebook?

[th3hamm0r]

Will it still be possible to provide a login via Facebook?

Yes, I think.
The change only targets the way how the FB login dialog gets opened by the SDK itself, if NO Facebook app is installed (that's why you need at least SDK 8.2.0 and you have to test it by uninstalling the FB app). For example we're using the the cordova-plugin-facebook-connect 2.1.0 in one of our apps, which uses a SDK > 8.2.0, and the new custom-tab option just works.

On the following docs page you can see screenshots of the old (webview) and the new (custom tab) variant:
https://developers.facebook.com/docs/facebook-login/android/deprecating-webviews

[eftas-gka]

Thank you th3hamm0r,
i guess that solves the issue.