Posts tagged with facebook-login

We are using Facebook Login and public_profile advanced access for an iOS app. All reviews are done and on the dashboard there is nothing to submit for review, all green lights (Business Review is done). When we try to log in via an account which has a role on the Meta developer "published" (live in old terminology) app, we are seeing the warning below.


Submit for Login Review Some of the permission below have not been approved for use by Facebook.

Submit for review now or learn more

If you are not using Limited Login, you will need to hand all Graph API calls using Graph API, IOS. The access token will not be valid. To learn more about changes to the Facebook SDK for iOS and how you can continue using the Facebook Login SDK, visit the blog.


The issue is that when you click on Submit for Review in the warning, it takes you to the App Review tab on the Meta developers dashboard, which does not have anything to submit for review, and everything looks OK.

Has anyone ever seen this? How did you solve the issue? Thanks for the help!

We have double-checked that the app is only using login and public_profile. We are on the newest SDK due to the Privacy Manifest requirements of iOS, which is why we are using Limited Login on iOS as well. Normally we should not see this warning, but it keeps showing up. I could not find much on the internet regarding the note about "Graph API". Not sure if we somehow still call the Graph API, but since the SDK is updated, this should not happen. How can we check this and make sure that we are not using Limited Login properly or still using Graph API somewhere?

This error arises when the Facebook SDK detects a potential security risk during the login process. The state parameter acts as a crucial security measure to prevent Cross-Site Request Forgery (CSRF) attacks. It ensures that the request to obtain a Facebook access token originates from your legitimate application and not a malicious source.

```php
class FacebookAuthController extends Controller
{
    protected $helpers = ['url', 'session']; // Load the URL and session helper

    private $fb; // Declare Facebook object as a private property

    public function __construct()
    {
        include_once APPPATH . "Libraries/vendor/autoload.php";

        // Initialize Facebook SDK in the constructor
        $this->fb = new Facebook([
            'app_id' => '=',
            'app_secret' => '',
            'default_graph_version' => 'v11.0',
        ]);
    }

    public function login()
    {
        // Use the previously initialized Facebook object from the property
        $fb = $this->fb;

        // Redirect to Facebook's OAuth consent screen
        $helper = $fb->getRedirectLoginHelper();
        $redirectURL = base_url('auth/facebook/callback');

        // Generate a CSRF token and save it in session
        $csrfToken = bin2hex(random_bytes(32)); // Generate a random token
        session()->set('csrf_token', $csrfToken);

        $permissions = ['email']; // Specify the permissions you need
        $loginURL = $helper->getLoginUrl($redirectURL, $permissions);

        // Append the CSRF token to the login URL as state parameter
        $loginURL .= '&state=' . $csrfToken;

        return redirect()->to($loginURL);
    }

    public function callback()
    {
        // Use the previously initialized Facebook object from the property
        $fb = $this->fb;

        try {
            $accessToken = $fb->getRedirectLoginHelper()->getAccessToken();
            if (!$accessToken) {
                throw new Exception('No access token received');
            }

            // Validate CSRF token
            $state = $this->request->getGet('state');
            $csrfToken = session()->get('csrf_token');
            if ($state !== $csrfToken) {
                throw new Exception('CSRF token mismatch');
            }

            // Implement your Facebook API logic using $accessToken and $fb
            // ... (e.g., get user data, store access token, create user account)
            $userData = $fb->get('/me?fields=id,name,email', $accessToken);
            $facebookData = $userData->getData();

            // Example usage (replace with your specific logic)
            if (isset($facebookData['email'])) {
                $email = $facebookData['email'];
                // ... (check user existence in your database, create account if needed) ...
            }

            // ... (Handle successful login) ...
        } catch (\Facebook\Exceptions\FacebookResponseException $e) {
            // Handle Facebook API response error
            echo 'Facebook API Error: ' . $e->getMessage();
        }
    }
}
```

Facebook SDK returned an error: Cross-site request forgery validation failed. Required param "state" missing.
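
The state round trip described in the post above, as an added example that is not part of the original post and not the Facebook SDK's own code: plain PHP with an array standing in for the session, and a hypothetical endpoint, client id and host (`auth.example`, `APP_ID_PLACEHOLDER`, `app.example`). It assumes the helper-built login URL already carries its own state value, so concatenating another one leaves two in the query string.

```php
<?php
declare(strict_types=1);

$session = []; // constructed stand-in for the session store (assumption)

/** Create a one-time state value, store it server-side, and return it. */
function issueState(array &$session): string
{
    $session['oauth_state'] = bin2hex(random_bytes(32));
    return $session['oauth_state'];
}

/** Build the redirect URL with exactly one state parameter. */
function buildLoginUrl(string $endpoint, array $params, string $state): string
{
    $params['state'] = $state; // overwrites any earlier value instead of duplicating it
    return $endpoint . '?' . http_build_query($params);
}

/** Compare the callback's state with the stored one; returns 'ok' or the failure reason. */
function verifyState(array &$session, array $query): string
{
    $expected = $session['oauth_state'] ?? null;
    unset($session['oauth_state']); // single use, consumed even when the check fails
    $received = $query['state'] ?? null;

    if (!is_string($received) || $received === '') {
        return 'state missing from callback';
    }
    if (!is_string($expected)) {
        return 'state missing from session';
    }
    return hash_equals($expected, $received) ? 'ok' : 'state mismatch';
}

// Hypothetical endpoint, client id and host, for illustration only.
$url = buildLoginUrl('https://auth.example/dialog/oauth', [
    'client_id'    => 'APP_ID_PLACEHOLDER',
    'redirect_uri' => 'https://app.example/auth/facebook/callback',
], issueState($session));

// A second value concatenated onto the URL gives two state parameters; PHP keeps the last.
parse_str((string) parse_url($url . '&state=other', PHP_URL_QUERY), $dup);
var_dump($dup['state']);

parse_str((string) parse_url($url, PHP_URL_QUERY), $callback); // constructed callback query
var_dump(verifyState($session, $callback)); // first use of the stored state
var_dump(verifyState($session, $callback)); // replay after the state was consumed
var_dump(verifyState($session, []));        // callback without a state parameter
```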

I have been trying to build an app (React for the front end with TypeScript) that requires social media integration from various platforms, one of which is Facebook. So, I tried to follow the Meta docs and tried to implement the Facebook Login through their SDK code. The login alone was not very difficult to code; however, when I refresh the page or switch to a different page and then return to the one with the Facebook Login button, I am automatically logged out and need to log back in every time.

I have looked through so many resources and forums trying to understand how to properly implement the Facebook login where a user can safely log in and would stay logged in throughout page refreshes until they directly click on a logout button. I feel like the Meta docs are pretty good, but the code and instructions they provide are in "pieces", if that makes sense. So, are there any full-length, detailed tutorials or guides available that I can follow along to implement this feature?