Facebook has introduced a new security restriction of strict URI matching which involves important changes to the handling of URI redirects.
As of February 2018, there's a security option called "Strict Mode" in the Facebook application configuration. In March 2018, Strict Mode will be turned on for everyone by default. You can see a notice in your account interface informing you of this change today.
In March 2018, you'll need to update your Valid OAuth redirect URIs list.
Steps to keep GAM Applications working in March 2018
- As stated by Facebook, be sure to update your Valid OAuth redirect URIs in the Facebook app configuration, so that your custom login flow will continue to work after the migration in March. The URI format must be as follows:
See more information about the Facebook configuration for apps using GAM here.
- Apply GAM fix
The following libraries have the fix.
- .NET: Artech.security.dll, Artech.Security.API.Common.dll, agamapi.dll and agamextauthinput.dll
- Java: artech.security-*.jar.
If your app was generated using GeneXus 15 Upg 8, or GeneXus Evolution 3 Upg 15, it's enough to download the files following this link and update the libraries mentioned above. Building the application again or uploading a new app to the store is not necessary.
If your app was generated using a previous upgrade, first you need to get the latest released upgrade and then update the library files with the fixes. For example, if your app was generated using GeneXus 15 upgrade 3, update to GeneXus 15 upgrade 8HF and, afterward, update the library files in the link above.
The fix is included in released versions, it's available since GeneXus 15 upgrade 8 and GeneXus Ev3 upgrade 15.