question

developer-5 avatar image
developer-5 asked

Unity: Facebook Limited login

I need to login into Playfab with Facebook Limited Login (https://developers.facebook.com/docs/facebook-login/limited-login/unity/)
But I don't understand how to do that. So I receive from Facebook an Open ID token and insert it into AccessToken field of new LoginWithFacebookRequest() and I get an error with authentication. Also, I've already tried to log in with the function called LoginWithOpenIdConnect, but it doesn't work. Does Playfab support the new Limited Login from Facebook that includes the OIDC token?

By the way, we still using PlayFabClientAPI.LoginWithFacebook , but Apple released the new changes of IDFA, and we must use Facebook Limited Login that provides us the Open ID token. I'm not sure that Playfab supports that.

unity3dsdksAuthentication
2 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Seth Du avatar image Seth Du ♦ commented ·

If you want to use open ID connection for login, have you configured the provider via CreateOpenIdConnection Admin API? Please refer to https://docs.microsoft.com/en-us/rest/api/playfab/admin/authentication/createopenidconnection?view=playfab-rest. Please also refer to the request template in Postman Collection.

0 Likes 0 ·
developer-5 avatar image developer-5 Seth Du ♦ commented ·

Thanks for replying. Could you please explain, how to configure the fields: Issuer, ClientId, ConnectionId. Do I have to create an open id connection for each user? And I don't understand how to connect with it by Facebook Limited login. I receive an access token(JWT) from Facebook SDK. I understand how to use LoginWithOpenID, but I haven't found any information about configuring the Open ID Connect.

1 Like 1 ·

1 Answer

·
JayZuo avatar image
JayZuo answered

Why the Playfab's function LoginWithFacebook doesn't work when I use Facebook Limited Login that contains JWT?

This is because LoginWithFacebook is built on top of Facebook's Graph API. However, Limited Login returns an AuthenticationToken that wraps an OpenID Connect token. The ID token cannot be used to request additional data using the Graph API, such as friends, photos, or pages (Ref from: https://developers.facebook.com/docs/facebook-login/limited-login).

So, LoginWithFacebook won't work with Limited Login. Instead, as Limited Login mode is based on the OpenID Connect standard, we can use LoginWithOpenIdConnect here.

Firstly, you will need to add a new connection like the following:

Client ID should be your Facebook App ID and Client secret is your App Secret.

After saving this, you can then try to login with using AuthenticationToken.TokenString as IdToken:

{
    "ConnectionId": "FacebookLimitedLogin",
    "CreateAccount": true,
    "IdToken": "eyJhbGciOi..._8ItFw",
    "TitleId": {
                {TitleId}}
}

Please note, with above method, we can only log the Facebook user in, even you've enabled "user_friends" premission, the friend information still won't take effect in APIs like GetFriendsLis, GetFriendLeaderboard as in these APIs, the Facebook friends are got from Graph API.

Note:

1. By default, PlayFab will check the nonce and token nonce reuse is not permitted. Nonce values must be unique, and after use are invalid until the expiry of the OpenID Connect token or PlayFab token, whichever comes first.

So, please either use unique nonce in LoginWithTrackingPreference or check "Ignore nonce" in your OpenId Connection setting and set nonce to null in LoginWithTrackingPreference.

2. Facebook has changed their Issuer to "https://www.facebook.com". Please do not use "https://facebook.com" as above picture and also make sure you are using an new SDK support this. More details, see Facebook Limited Login issuer doesn't match OpenID configuration (attempt 2) - Facebook for Developers.


rycos.png (27.6 KiB)
15 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

developer-5 avatar image developer-5 commented ·

Thank you so much! I will try this method and tell if everything is successful. Probably it will help someone else.

0 Likes 0 ·
developer-5 avatar image developer-5 commented ·

Unfortunately, nothing helped me. I had created an open id connect and then configured request properties in a code as needed(ConnectionId: "FacebookLimitedLogin", "IdToken": received from Facebook Limited login; So I login to Facebook with limited login successfully, but error sends from Playfab: error AuthenticateFacebook into Playfab. No idea how to fix it. In my view, Playfab Open ID Connect doesn't work with Token which sets from Facebook Limited Login.

0 Likes 0 ·
JayZuo avatar image JayZuo ♦ developer-5 commented ·

Could you share the code you are using? As in my test, LoginWithOpenIdConnect can work with Facebook Limited login without any issue.

1 Like 1 ·
developer-5 avatar image developer-5 JayZuo ♦ commented ·

Here is a link to see the code (characters limit here)

0 Likes 0 ·
Show more comments
Show more comments
JayZuo avatar image JayZuo ♦ developer-5 commented ·

OK, I'd believe the problem here is the nonce you've used in LoginWithTrackingPreference. By default, PlayFab will check the nonce and token nonce reuse is not permitted. Nonce values must be unique, and after use are invalid until the expiry of the OpenID Connect token or PlayFab token, whichever comes first.

So, you can either use unique nonce in LoginWithTrackingPreference or check "Ignore nonce" in your OpenId Connection setting and do not set nonce in LoginWithTrackingPreference.

0 Likes 0 ·
JayZuo avatar image JayZuo ♦ JayZuo ♦ commented ·

For unique nonce, you can just use a GUID string.

1 Like 1 ·
Show more comments

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.