FBSDK does not allow to sign in with a different account after logging out about react-native-fbsdk-next HOT 12 CLOSED

Thanks for doing that, I had seen this comment but didn't occur to move it over.

I also edited the issue including a workaround for development-only while using the iOS simulator.

from react-native-fbsdk-next.

If you copy the issue, you should copy the most important comment from the issue as well I think, which shows that either Facebook needs to change their OAuth form (out of this module's control) or Apple needs to change things so you can delete cookies in the hardened OAuth WebView's scope (out of this module's control)

The old issue had no issue links indicating anyone had requested either thing from either vendor so current status here is same as current status on the old link

No status - nobody working on it. You (that is: anyone reading this) could work on it!

All the rest is from @SmartArray
facebookarchive/react-native-fbsdk#712 (comment)

We have the same "issue". I did some investigations and I can tell you why it's impossible to get a logout working properly. It's not facebook's fault. Rather it is a security measure from Apple.
Here is why:

FBSDKCoreKit is using the most recent and recommended API provided by Apple: ASWebAuthenticationSession.
It provides a secure and scoped session to login to third-party services, offering a secure callback to pass data back to the app.

As the ASWebAuthenticationSession is capsuled from the app, the biggest implications are: The app is unable to read/modify/delete the session data (passwords and login data) from the hardened WebView.

Here you can see the API call:

https://github.com/facebook/facebook-ios-sdk/blob/d5dc7380ddc0ea07fa4472c8384491cb366a3ae4/FBSDKCoreKit/FBSDKCoreKit/Internal/BridgeAPI/FBSDKBridgeAPI.m#L367

I thought of possible workarounds. For instance, using the same authentication session store to call the logout endpoint. However, the API would request this alert, which is an inappropriate use case:
Apples ASWebAuthenticationSession Sign In Alert

IMHO, there are only two methods to solve this issue:
Possible Workaround by Facebook

Either Facebook solves this by integrating a logout button in their OAuth modal form:
Facebook Oauth Form 'Sign In with another account' button proposal
Solution by Apple

Alternatively, Apple provides a secure way to clear cookies or web data from ASWebAuthenticationSession. Obviously, this wouldn't leak any privacy information at all, it would just interfere with the Single-Sign-On Feature. However, they could scope the Session Deletion with the URL that is being called by the API.
Just saying.

Tl;dr
Currently, there is no way to do achieve what we want.

from react-native-fbsdk-next.

Not sure about iOS but I managed to clear the cache on my Android phone through Chrome which seems to allow me to log in with a different account. Would still be nice for the user to be able to do that easily from the log in page so I submitted a feature request to the facebook-sdk repo. Hopefully they see it haha

from react-native-fbsdk-next.

Same for me. Any updates?
I need to remove the cached FB user account after logout. LoginManager.logOut() doesn't work.

from react-native-fbsdk-next.

I will leave it closed for now, as there is no tangible action on our side.
If someone comes with any news about this getting fixed by Facebook or Apple we can reopened :)

Thanks for including the workaround o/

from react-native-fbsdk-next.

Possible that this might be the way to enable account change:
facebook/facebook-ios-sdk#2000
Raised the issue on ios-sdk as this is the case, basically since iOS 13+ it's possible to request running ASWebAuthenticationSession with prefersEphemeralWebBrowserSession set to true, but the api would have to expose that or give some interface to request that.

from react-native-fbsdk-next.

Interesting @kolboch I wonder if you patched facebook-ios-sdk locally if it would work? Historically I have been able to patch things like that via a cocoapods post-install hook that either directly edited source files in place via sed or by calling the system patch binary on a file and applying a patch similar to how patch-package works. A PR to that repo would be better than an issue in other words - and may stand a good chance of being merged, then maybe we could make progress here

from react-native-fbsdk-next.

Hi @mikehardy , thanks for your comment, didn't know it's possible as I recently switched to ios but would try to make it. There seem to be some contributing guide in facebook-ios-sdk, I hope it would go well :)

from react-native-fbsdk-next.

Same for me. Any updates?

It's open source, the updates you see are the updates you've got: https://hackernoon.com/i-thought-i-understood-open-source-i-was-wrong-cf54999c097b

@Reykjavik151 if this is an important use case for you / your app / your company, pursue it with whatever resources you can, and post your updates here

from react-native-fbsdk-next.

it still not work

from react-native-fbsdk-next.

I have the same issue in android too😩

from react-native-fbsdk-next.

I have the same issue in android too😩

I also have the same issue with android also @lukkimo. I would describe it as a feature rather than an issue as this is by the design of Meta/Facebook and is working as intended to acheive a persisent login. With this being said, Facebook seems to offer no work around for a developer or test user to "Sign in with another account" or successfully remove login cache to facilitate a complete logout process. This feature seems to be geared around creating a pain-free UX while disregarding test users and developers. Currently still in search of a fix for android at this time

from react-native-fbsdk-next.