Unity: Facebook Limited login
I need to login into Playfab with Facebook Limited Login (https://developers.facebook.com/docs/facebook-login/limited-login/unity/)
But I don't understand how to do that. So I receive from Facebook an Open ID token and insert it into AccessToken field of new LoginWithFacebookRequest() and I get an error with authentication. Also, I've already tried to log in with the function called LoginWithOpenIdConnect, but it doesn't work. Does Playfab support the new Limited Login from Facebook that includes the OIDC token?
By the way, we still using PlayFabClientAPI.LoginWithFacebook , but Apple released the new changes of IDFA, and we must use Facebook Limited Login that provides us the Open ID token. I'm not sure that Playfab supports that.
If you want to use open ID connection for login, have you configured the provider via CreateOpenIdConnection Admin API? Please refer to https://docs.microsoft.com/en-us/rest/api/playfab/admin/authentication/createopenidconnection?view=playfab-rest. Please also refer to the request template in Postman Collection.
Thanks for replying. Could you please explain, how to configure the fields: Issuer, ClientId, ConnectionId. Do I have to create an open id connection for each user? And I don't understand how to connect with it by Facebook Limited login. I receive an access token(JWT) from Facebook SDK. I understand how to use LoginWithOpenID, but I haven't found any information about configuring the Open ID Connect.
Best Answer
Why the Playfab's function LoginWithFacebook doesn't work when I use Facebook Limited Login that contains JWT?
This is because LoginWithFacebook is built on top of Facebook's Graph API. However, Limited Login returns an AuthenticationToken that wraps an OpenID Connect token. The ID token cannot be used to request additional data using the Graph API, such as friends, photos, or pages (Ref from: https://developers.facebook.com/docs/facebook-login/limited-login).
So, LoginWithFacebook won't work with Limited Login. Instead, as Limited Login mode is based on the OpenID Connect standard, we can use LoginWithOpenIdConnect here.
Firstly, you will need to add a new connection like the following:
Client ID should be your Facebook App ID and Client secret is your App Secret.
After saving this, you can then try to login with using AuthenticationToken.TokenString as IdToken:
{
"ConnectionId": "FacebookLimitedLogin",
"CreateAccount": true,
"IdToken": "eyJhbGciOi..._8ItFw",
"TitleId": {{TitleId}}
}
Please note, with above method, we can only log the Facebook user in, even you've enabled "user_friends" premission, the friend information still won't take effect in APIs like GetFriendsLis, GetFriendLeaderboard as in these APIs, the Facebook friends are got from Graph API.
Note:
1. By default, PlayFab will check the nonce and token nonce reuse is not permitted. Nonce values must be unique, and after use are invalid until the expiry of the OpenID Connect token or PlayFab token, whichever comes first.
So, please either use unique nonce in LoginWithTrackingPreference or check "Ignore nonce" in your OpenId Connection setting and set nonce to null in LoginWithTrackingPreference.
2. Facebook has changed their Issuer to "https://www.facebook.com". Please do not use "https://facebook.com" as above picture and also make sure you are using an new SDK support this. More details, see Facebook Limited Login issuer doesn't match OpenID configuration (attempt 2) - Facebook for Developers.
Thank you so much! I will try this method and tell if everything is successful. Probably it will help someone else.
Unfortunately, nothing helped me. I had created an open id connect and then configured request properties in a code as needed(ConnectionId: "FacebookLimitedLogin", "IdToken": received from Facebook Limited login; So I login to Facebook with limited login successfully, but error sends from Playfab: error AuthenticateFacebook into Playfab. No idea how to fix it. In my view, Playfab Open ID Connect doesn't work with Token which sets from Facebook Limited Login.
Could you share the code you are using? As in my test, LoginWithOpenIdConnect can work with Facebook Limited login without any issue.
OK, I'd believe the problem here is the nonce you've used in LoginWithTrackingPreference. By default, PlayFab will check the nonce and token nonce reuse is not permitted. Nonce values must be unique, and after use are invalid until the expiry of the OpenID Connect token or PlayFab token, whichever comes first.
So, you can either use unique nonce in LoginWithTrackingPreference or check "Ignore nonce" in your OpenId Connection setting and do not set nonce in LoginWithTrackingPreference.
For unique nonce, you can just use a GUID string.
