fix(authentication): Bad accessToken when signing in via Facebook under iOS (#843)

ebarooni · web-flow · commit 22c4c133a4ad · 2025-03-16T10:30:59.000+01:00
diff --git a/.changeset/happy-oranges-rush.md b/.changeset/happy-oranges-rush.md
@@ -0,0 +1,5 @@
+---
+'@capacitor-firebase/authentication': minor
+---
+
+feat(ios): support Facebook Limited Login
diff --git a/packages/authentication/README.md b/packages/authentication/README.md
@@ -484,6 +484,8 @@ const verifyBeforeUpdateEmail = async () => {
 * [`useAppLanguage()`](#useapplanguage)
 * [`useEmulator(...)`](#useemulator)
 * [`verifyBeforeUpdateEmail(...)`](#verifybeforeupdateemail)
+* [`checkAppTrackingTransparencyPermission()`](#checkapptrackingtransparencypermission)
+* [`requestAppTrackingTransparencyPermission()`](#requestapptrackingtransparencypermission)
 * [`addListener('authStateChange', ...)`](#addlistenerauthstatechange-)
 * [`addListener('idTokenChange', ...)`](#addlisteneridtokenchange-)
 * [`addListener('phoneVerificationCompleted', ...)`](#addlistenerphoneverificationcompleted-)
@@ -1231,14 +1233,14 @@ Signs in using an email and sign-in email link.
 ### signInWithFacebook(...)
 
 ```typescript
-signInWithFacebook(options?: SignInWithOAuthOptions | undefined) => Promise<SignInResult>
+signInWithFacebook(options?: SignInWithFacebookOptions | undefined) => Promise<SignInResult>
 ```
 
 Starts the Facebook sign-in flow.
 
-| Param         | Type                                                                      |
-| ------------- | ------------------------------------------------------------------------- |
-| **`options`** | <code><a href="#signinwithoauthoptions">SignInWithOAuthOptions</a></code> |
+| Param         | Type                                                                            |
+| ------------- | ------------------------------------------------------------------------------- |
+| **`options`** | <code><a href="#signinwithfacebookoptions">SignInWithFacebookOptions</a></code> |
 
 **Returns:** <code>Promise&lt;<a href="#signinresult">SignInResult</a>&gt;</code>
 
@@ -1556,6 +1558,42 @@ Verifies the new email address before updating the email address of the currentl
 --------------------
 
 
+### checkAppTrackingTransparencyPermission()
+
+```typescript
+checkAppTrackingTransparencyPermission() => Promise<CheckAppTrackingTransparencyPermissionResult>
+```
+
+Checks the current status of app tracking transparency.
+
+Only available on iOS.
+
+**Returns:** <code>Promise&lt;<a href="#checkapptrackingtransparencypermissionresult">CheckAppTrackingTransparencyPermissionResult</a>&gt;</code>
+
+**Since:** 7.2.0
+
+--------------------
+
+
+### requestAppTrackingTransparencyPermission()
+
+```typescript
+requestAppTrackingTransparencyPermission() => Promise<RequestAppTrackingTransparencyPermissionResult>
+```
+
+Opens the system dialog to authorize app tracking transparency.
+
+**Attention:** The user may have disabled the tracking request in the device settings, see [Apple's documentation](https://support.apple.com/guide/iphone/iph4f4cbd242/ios).
+
+Only available on iOS.
+
+**Returns:** <code>Promise&lt;<a href="#checkapptrackingtransparencypermissionresult">CheckAppTrackingTransparencyPermissionResult</a>&gt;</code>
+
+**Since:** 7.2.0
+
+--------------------
+
+
 ### addListener('authStateChange', ...)
 
 ```typescript
@@ -1988,6 +2026,13 @@ An interface covering the possible persistence mechanism types.
 | **`emailLink`** | <code>string</code> | The link sent to the user's email address. | 1.1.0 |
 
 
+#### SignInWithFacebookOptions
+
+| Prop                  | Type                 | Description                                                                                                                                                                                                                                                                                                                                                           | Default            | Since |
+| --------------------- | -------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------ | ----- |
+| **`useLimitedLogin`** | <code>boolean</code> | Whether to use the Facebook Limited Login mode. If set to `true`, no access token will be returned but the user does not have to grant App Tracking Transparency permission. If set to `false`, the user has to grant App Tracking Transparency permission. You can request the permission with `requestAppTrackingTransparencyPermission()`. Only available for iOS. | <code>false</code> | 7.2.0 |
+
+
 #### SignInOptions
 
 | Prop                 | Type                 | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | Since |
@@ -2048,6 +2093,13 @@ An interface covering the possible persistence mechanism types.
 | **`actionCodeSettings`** | <code><a href="#actioncodesettings">ActionCodeSettings</a></code> | The action code settings                            | 6.3.0 |
 
 
+#### CheckAppTrackingTransparencyPermissionResult
+
+| Prop         | Type                                                                                                      | Description                                         | Since |
+| ------------ | --------------------------------------------------------------------------------------------------------- | --------------------------------------------------- | ----- |
+| **`status`** | <code><a href="#apptrackingtransparencypermissionstate">AppTrackingTransparencyPermissionState</a></code> | The permission status of App Tracking Transparency. | 7.2.0 |
+
+
 #### PluginListenerHandle
 
 | Prop         | Type                                      |
@@ -2106,6 +2158,21 @@ An interface covering the possible persistence mechanism types.
 <code><a href="#signinwithphonenumberoptions">SignInWithPhoneNumberOptions</a></code>
 
 
+#### AppTrackingTransparencyPermissionState
+
+<code><a href="#permissionstate">PermissionState</a> | 'restricted'</code>
+
+
+#### PermissionState
+
+<code>'prompt' | 'prompt-with-rationale' | 'granted' | 'denied'</code>
+
+
+#### RequestAppTrackingTransparencyPermissionResult
+
+<code><a href="#checkapptrackingtransparencypermissionresult">CheckAppTrackingTransparencyPermissionResult</a></code>
+
+
 #### AuthStateChangeListener
 
 Callback to receive the user's sign-in state change notifications.
diff --git a/packages/authentication/android/src/main/java/io/capawesome/capacitorjs/plugins/firebase/authentication/FirebaseAuthenticationPlugin.java b/packages/authentication/android/src/main/java/io/capawesome/capacitorjs/plugins/firebase/authentication/FirebaseAuthenticationPlugin.java
@@ -955,6 +955,16 @@ public void useEmulator(PluginCall call) {
         }
     }
 
+    @PluginMethod
+    public void requestAppTrackingTransparencyPermission(PluginCall call) {
+        call.reject("Not available on Android.");
+    }
+
+    @PluginMethod
+    public void checkAppTrackingTransparencyPermission(PluginCall call) {
+        call.reject("Not available on Android.");
+    }
+
     public void handlePhoneVerificationCompleted(@NonNull final PhoneVerificationCompletedEvent event) {
         notifyListeners(PHONE_VERIFICATION_COMPLETED_EVENT, event.toJSObject(), true);
     }
diff --git a/packages/authentication/docs/setup-facebook.md b/packages/authentication/docs/setup-facebook.md
@@ -155,6 +155,13 @@
    `[CLIENT_TOKEN]` must be replaced with your Facebook Client Token (App Dashboard > Settings > Advanced > Client Token).  
    `[APP_NAME]` must be replaced with your Facebook app name.
 
+1. Set the `NSUserTrackingUsageDescription` key in your app's `Info.plist`:
+    
+   ```
+   <key>NSUserTrackingUsageDescription</key>
+   <string>This identifier will be used to request permission to track the user's activity.</string>
+   ```
+
 ## Web
 
 1. See [Before you begin](https://firebase.google.com/docs/auth/web/facebook-login#before_you_begin) and follow the instructions to configure and enable sign-in with Facebook correctly.
diff --git a/packages/authentication/ios/Plugin.xcodeproj/project.pbxproj b/packages/authentication/ios/Plugin.xcodeproj/project.pbxproj
@@ -16,6 +16,7 @@
 		50E1A94820377CB70090CE1A /* FirebaseAuthenticationPlugin.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50E1A94720377CB70090CE1A /* FirebaseAuthenticationPlugin.swift */; };
 		7C0C050B2BAD80E2004252BE /* FetchSignInMethodsForEmailOptions.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7C0C050A2BAD80E2004252BE /* FetchSignInMethodsForEmailOptions.swift */; };
 		7C0C050D2BAD80EC004252BE /* FetchSignInMethodsForEmailResult.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7C0C050C2BAD80EC004252BE /* FetchSignInMethodsForEmailResult.swift */; };
+		7C1F76152D83359D00386F35 /* CheckAppTrackingTransparencyPermissionResult.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7C1F76142D83359100386F35 /* CheckAppTrackingTransparencyPermissionResult.swift */; };
 		7C20942E2C2D8FC400C75248 /* SendEmailVerificationOptions.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7C20942D2C2D8FC400C75248 /* SendEmailVerificationOptions.swift */; };
 		7C2094302C2D8FD100C75248 /* SendPasswordResetEmailOptions.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7C20942F2C2D8FD100C75248 /* SendPasswordResetEmailOptions.swift */; };
 		7C3D92CA26D3CC62000C0B29 /* PhoneAuthProviderHandler.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7C3D92C926D3CC62000C0B29 /* PhoneAuthProviderHandler.swift */; };
@@ -61,6 +62,7 @@
 		5E23F77F099397094342571A /* Pods-Plugin.debug.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-Plugin.debug.xcconfig"; path = "Pods/Target Support Files/Pods-Plugin/Pods-Plugin.debug.xcconfig"; sourceTree = "<group>"; };
 		7C0C050A2BAD80E2004252BE /* FetchSignInMethodsForEmailOptions.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = FetchSignInMethodsForEmailOptions.swift; sourceTree = "<group>"; };
 		7C0C050C2BAD80EC004252BE /* FetchSignInMethodsForEmailResult.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = FetchSignInMethodsForEmailResult.swift; sourceTree = "<group>"; };
+		7C1F76142D83359100386F35 /* CheckAppTrackingTransparencyPermissionResult.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CheckAppTrackingTransparencyPermissionResult.swift; sourceTree = "<group>"; };
 		7C20942D2C2D8FC400C75248 /* SendEmailVerificationOptions.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SendEmailVerificationOptions.swift; sourceTree = "<group>"; };
 		7C20942F2C2D8FD100C75248 /* SendPasswordResetEmailOptions.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SendPasswordResetEmailOptions.swift; sourceTree = "<group>"; };
 		7C3D92C926D3CC62000C0B29 /* PhoneAuthProviderHandler.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PhoneAuthProviderHandler.swift; sourceTree = "<group>"; };
@@ -167,6 +169,7 @@
 		7C0C05092BAD80CF004252BE /* Results */ = {
 			isa = PBXGroup;
 			children = (
+				7C1F76142D83359100386F35 /* CheckAppTrackingTransparencyPermissionResult.swift */,
 				7C0C050C2BAD80EC004252BE /* FetchSignInMethodsForEmailResult.swift */,
 			);
 			path = Results;
@@ -461,6 +464,7 @@
 				7C2094302C2D8FD100C75248 /* SendPasswordResetEmailOptions.swift in Sources */,
 				7C20942E2C2D8FC400C75248 /* SendEmailVerificationOptions.swift in Sources */,
 				7C57A00129F4023E00B7778B /* RuntimeError.swift in Sources */,
+				7C1F76152D83359D00386F35 /* CheckAppTrackingTransparencyPermissionResult.swift in Sources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
diff --git a/packages/authentication/ios/Plugin/Classes/Results/CheckAppTrackingTransparencyPermissionResult.swift b/packages/authentication/ios/Plugin/Classes/Results/CheckAppTrackingTransparencyPermissionResult.swift
@@ -0,0 +1,31 @@
+import Capacitor
+import AppTrackingTransparency
+
+@objc public class CheckAppTrackingTransparencyPermissionResult: NSObject, Result {
+    let status: ATTrackingManager.AuthorizationStatus
+
+    init(_ status: ATTrackingManager.AuthorizationStatus) {
+        self.status = status
+    }
+
+    func toJSObject() -> AnyObject {
+        var result = JSObject()
+        result["status"] = convertStatusToPermissionStatus(status)
+        return result as AnyObject
+    }
+
+    private func convertStatusToPermissionStatus(_ status: ATTrackingManager.AuthorizationStatus) -> String {
+        switch status {
+        case .notDetermined:
+            return "prompt"
+        case .denied:
+            return "denied"
+        case .authorized:
+            return "granted"
+        case .restricted:
+            return "restricted"
+        @unknown default:
+            return "prompt"
+        }
+    }
+}
diff --git a/packages/authentication/ios/Plugin/FirebaseAuthentication.swift b/packages/authentication/ios/Plugin/FirebaseAuthentication.swift
@@ -2,6 +2,7 @@ import Foundation
 import Capacitor
 import FirebaseCore
 import FirebaseAuth
+import AppTrackingTransparency
 
 public typealias AuthStateChangedObserver = () -> Void
 
@@ -645,6 +646,16 @@ public typealias AuthStateChangedObserver = () -> Void
         return self.config
     }
 
+    func requestAppTrackingTransparencyPermission(completion: @escaping (CheckAppTrackingTransparencyPermissionResult) -> Void) {
+        ATTrackingManager.requestTrackingAuthorization { result in
+            completion(CheckAppTrackingTransparencyPermissionResult(result))
+        }
+    }
+
+    func checkAppTrackingTransparencyPermission(completion: @escaping (CheckAppTrackingTransparencyPermissionResult) -> Void) {
+        completion(CheckAppTrackingTransparencyPermissionResult(ATTrackingManager.trackingAuthorizationStatus))
+    }
+
     private func initAuthProviderHandlers(config: FirebaseAuthenticationConfig) {
         if config.providers.contains(ProviderId.apple) {
             self.appleAuthProviderHandler = AppleAuthProviderHandler(self)
diff --git a/packages/authentication/ios/Plugin/FirebaseAuthenticationPlugin.swift b/packages/authentication/ios/Plugin/FirebaseAuthenticationPlugin.swift
@@ -68,7 +68,9 @@ public class FirebaseAuthenticationPlugin: CAPPlugin, CAPBridgedPlugin {
         CAPPluginMethod(name: "updateProfile", returnType: CAPPluginReturnPromise),
         CAPPluginMethod(name: "useAppLanguage", returnType: CAPPluginReturnPromise),
         CAPPluginMethod(name: "useEmulator", returnType: CAPPluginReturnPromise),
-        CAPPluginMethod(name: "verifyBeforeUpdateEmail", returnType: CAPPluginReturnPromise)
+        CAPPluginMethod(name: "verifyBeforeUpdateEmail", returnType: CAPPluginReturnPromise),
+        CAPPluginMethod(name: "requestAppTrackingTransparencyPermission", returnType: CAPPluginReturnPromise),
+        CAPPluginMethod(name: "checkAppTrackingTransparencyPermission", returnType: CAPPluginReturnPromise)
     ]
     public let tag = "FirebaseAuthentication"
     public let errorProviderIdMissing = "providerId must be provided."
@@ -643,6 +645,22 @@ public class FirebaseAuthenticationPlugin: CAPPlugin, CAPBridgedPlugin {
         call.resolve()
     }
 
+    @objc func requestAppTrackingTransparencyPermission(_ call: CAPPluginCall) {
+        implementation?.requestAppTrackingTransparencyPermission { status in
+            if let result = status.toJSObject() as? JSObject {
+                call.resolve(result)
+            }
+        }
+    }
+
+    @objc func checkAppTrackingTransparencyPermission(_ call: CAPPluginCall) {
+        implementation?.checkAppTrackingTransparencyPermission { status in
+            if let result = status.toJSObject() as? JSObject {
+                call.resolve(result)
+            }
+        }
+    }
+
     @objc func handleAuthStateChange() {
         let user = implementation?.getCurrentUser()
         let userResult = FirebaseAuthenticationHelper.createUserResult(user)
diff --git a/packages/authentication/ios/Plugin/Handlers/FacebookAuthProviderHandler.swift b/packages/authentication/ios/Plugin/Handlers/FacebookAuthProviderHandler.swift
diff --git a/packages/authentication/src/definitions.ts b/packages/authentication/src/definitions.ts
diff --git a/packages/authentication/src/web.ts b/packages/authentication/src/web.ts

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +'@capacitor-firebase/authentication': minor
 +---
++
 +feat(ios): support Facebook Limited Login
Original file line number	Diff line number	Diff line change
`@@ -955,6 +955,16 @@ public void useEmulator(PluginCall call) {`
`955`	`955`	`}`
`956`	`956`	`}`
`957`	`957`
	`958`	`+ @PluginMethod`
	`959`	`+ public void requestAppTrackingTransparencyPermission(PluginCall call) {`
	`960`	`+ call.reject("Not available on Android.");`
	`961`	`+ }`
	`962`	`+`
	`963`	`+ @PluginMethod`
	`964`	`+ public void checkAppTrackingTransparencyPermission(PluginCall call) {`
	`965`	`+ call.reject("Not available on Android.");`
	`966`	`+ }`
	`967`	`+`
`958`	`968`	`public void handlePhoneVerificationCompleted(@NonNull final PhoneVerificationCompletedEvent event) {`
`959`	`969`	`notifyListeners(PHONE_VERIFICATION_COMPLETED_EVENT, event.toJSObject(), true);`
`960`	`970`	`}`