Safari 12.0 OAuth custom URI scheme(Cocoa) - cocoa

I have created a custom URL scheme in my Cocoa (macOS) application for authentication. On Safari versions prior to 12.0 all was fine, but after the update my authentication was broken.
[[NSAppleEventManager sharedAppleEventManager]
    setEventHandler:target
        andSelector:@selector(handleAppleEvent:withReplyEvent:)
      forEventClass:kInternetEventClass
         andEventID:kAEGetURL];
handleAppleEvent:withReplyEvent: method isn't called from Safari.
Chrome works well, as expected.
My question is quite simple: has anyone had the same problem and if so, how did you resolve it?

Related

ASWebAuthenticationSession in MacOS 10.15 (Catalina)

I am trying to implement the new ASWebAuthenticationSession in MacOS 10.15 and I'm getting a bit confused about the callbackURLScheme.
The header file for ASWebAuthenticationSession says:
The callback URL usually has a custom URL scheme. For the app to
receive the callback URL, it needs to either register the custom URL
scheme in its Info.plist, or set the scheme to callbackURLScheme
argument in the initializer.
So I initialize like this:
self.webAuthSession = [[ASWebAuthenticationSession alloc] initWithURL:self.authURL
    callbackURLScheme:@"myurlscheme://"
    completionHandler:^(NSURL * _Nullable callbackURL, NSError * _Nullable error) {
}];
The OAuth provider I am trying to access does not support custom URL schemes, so I have it set to redirect to a web address which in turn redirects to my URL scheme.
So, after clicking Login in my MacOS app, Safari presents a window that allows me to login to the service. After successfully logging in the redirect happens but the web page just goes to a screen saying
Safari can't open the specified address.
I can see that the address is myurlscheme://?code=1234567890abcdefgetc... which is correct but it's obviously not calling the ASWebAuthenticationSession callback.
If I add the URL scheme to the plist, then the Safari window shows a prompt asking if you want to open it in my app.
I know I can then fetch the code from the App Delegate's application:openURLs: method, but this is fiddly, has an unnecessary prompt for the user to click, and also leaves the ASWebAuth... safari window open. This should all be automatic through the callback.
The only way I get the callback to fire, is by closing the safari window in which case it calls back with error.
I have just returned to this to try again and it seems to be working fine on MacOS 10.15.1 and 10.15.2 beta.
I have noticed that the callbackURLScheme parameter must not include ://
I'm not able to go back and test it again on 10.15 but I'm happy to use this now, assuming everyone on 10.15 would have updated to 10.15.1.
Darren is right: in macOS you must remove the :// from the callbackURLScheme. iOS works fine no matter if you include :// or not. However, in macOS Catalyst there seems to be a bug. My app is getting focused once I log in, but isn't getting the callback. Haven't found a way to fix it yet.

Vaadin session expired immediately

I have a simple Vaadin application created from an archetype. The page with the button is loaded, but when you click it, the session is already expired. This problem occurs only under these conditions:
session is https
browser is IE 11.0.14393.0 (after Windows 10 Anniversary Update 1607)
SPNEGO is used
Server is WildFly 10.1.0.Final
Other browsers (Edge, Firefox, Chrome) work fine. Before the Anniversary Update, IE 11 worked as well.
I know it is not enough information but I don't know what can be important. Can you point me to what I should check / what I should do?
I haven't found anything strange in the logs and communication. I'm guessing there will be something wrong with a session but I cannot find what is bad :-(
The problem is caused by the internally generated request for favicon. This request is generated internally by IE and uses the wrong session ID (jsessionID). The server creates a new session and answers with its ID. Unfortunately IE then uses this new session ID for other requests. Other browsers (and the previous IE version) correctly use the original jsessionID and do not use the one that is returned in response to the internally generated favicon request.
Solution: I have changed the favicon links within my application and pointed them outside of the secured server area.
@Override
public void modifyBootstrapPage(BootstrapPageResponse response) {
    // FIX for IE11 at Windows 10 after anniversary update
    response.getDocument().head().getElementsByAttributeValue("rel", "shortcut icon").attr("href", "/static/favicon.ico");
    response.getDocument().head().getElementsByAttributeValue("rel", "icon").attr("href", "/static/favicon.ico");
}
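The sequence described in the answer above (favicon request, new session issued, later requests adopting it) can be spotted in request logs. This is an added example in JavaScript, not code from the original answer; the records are constructed, and the field names `client`, `path`, `sent` and `set` are assumptions rather than WildFly's log format.

```javascript
// Added example: find clients whose session id was replaced by a favicon response.
// Each record: client = client key, path = request path,
// sent = session id the request carried, set = session id the response issued (or null).
function findFaviconSessionSwitches(records) {
  const current = new Map(); // client -> id issued by the last non-favicon response
  const pending = new Map(); // client -> ids involved in a suspicious favicon response
  const hits = [];
  for (const r of records) {
    if (/\/favicon\.ico$/i.test(r.path)) {
      const expected = current.get(r.client);
      // The favicon response issued a session different from the one in use.
      if (r.set && expected && r.set !== expected) {
        pending.set(r.client, { expected, issued: r.set });
      }
      continue;
    }
    const p = pending.get(r.client);
    // A later page request carries the id that the favicon response issued.
    if (p && r.sent === p.issued) {
      hits.push({ client: r.client, path: r.path, original: p.expected, adopted: p.issued });
      pending.delete(r.client);
    }
    if (r.set) current.set(r.client, r.set);
  }
  return hits;
}

// Constructed sample. In real logs, record a hash of the session id, not the raw value.
const sampleLog = [
  { client: "10.0.0.5", path: "/app/", sent: null, set: "AAA111" },
  { client: "10.0.0.5", path: "/app/bootstrap.js", sent: "AAA111", set: null },
  { client: "10.0.0.5", path: "/app/favicon.ico", sent: "ZZZ999", set: "BBB222" },
  { client: "10.0.0.5", path: "/app/click", sent: "BBB222", set: null },
  { client: "10.0.0.7", path: "/app/", sent: null, set: "CCC333" },
  { client: "10.0.0.7", path: "/app/favicon.ico", sent: "CCC333", set: null },
  { client: "10.0.0.7", path: "/app/click", sent: "CCC333", set: null },
];

for (const h of findFaviconSessionSwitches(sampleLog)) {
  console.log(`${h.client}: ${h.path} used ${h.adopted}, expected ${h.original}`);
}
```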

How to disable webview cache for Windows Phone 8.1 Runtime universal app?

Is it possible to disable cache for the WebView control for a Windows Phone 8.1 runtime universal app? My app seems to be remembering the information it received the first time. My app logs me into a service and when I go back to rerun the app in the emulator (without completely shutting down the emulator) it logs me in automatically rather than giving me the prompt. This behavior is in the NavigationCompleted handler if that helps explain a bit more on where I am hitting this issue.
If I were to shut off the emulator completely and then restart it then I am prompted for the login name and password again. I have gotten over this cache issue, when I was using the HttpClient in other part of my app, by sending the no-cache in the header as:
client.DefaultRequestHeaders.Add("Cache-Control", "no-cache");
Can I do something similar for the webview control?
Thank You!
Here is the code which I used to clear the cookies, which resolved my issue:
Windows.Web.Http.Filters.HttpBaseProtocolFilter myFilter = new Windows.Web.Http.Filters.HttpBaseProtocolFilter();
var cookieManager = myFilter.CookieManager;
HttpCookieCollection myCookieJar = cookieManager.GetCookies(new Uri("target URI for WebView"));
foreach (HttpCookie cookie in myCookieJar)
{
cookieManager.DeleteCookie(cookie);
}
There is no way to do it programmatically.
But for the test purposes for Windows application you can do it manually - http://blogs.msdn.com/b/wsdevsol/archive/2012/10/18/nine-things-you-need-to-know-about-webview.aspx#AN7.

Content Security Policy: Couldn't parse invalid source chrome-extension

I'm getting a new error in my JS console on Firefox and I haven't changed the code.
I don't get this error in other browsers and it doesn't seem to affect the functionality of my code.
It's obviously in some way related to Firefox, but it seems to be pointing the error out to my async-loaded Facebook JS SDK.
Anybody else using that SDK seeing this in Firefox now? Any help or insight?
This is the full message:
Content Security Policy: Couldn't parse invalid source chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl
and this is the line in the fb JS SDK:
I solved this same problem for myself after recently posting it as a Facebook bug on https://developers.facebook.com/x/bugs/729597157070762/ With FB's help I noticed the following unwanted browser extensions in Firefox: Searchme, Slick Savings, Amazon Shopping Assistant, and Ebay Shopping Assistant. Turns out these are essentially malware that affected Firefox, Safari, and Chrome on my Mac. They're made by a company called Spigot, Inc.
While searching for an effective means of virus removal I found this link http://www.thesafemac.com/arg-spigot/ which gives detailed instructions how to do so.
I hope this helps you kevin!
Unfortunately a month or so after my original answer (above) the same error and warnings came back for me but just as of yesterday, 4/22/2014 they changed to these 5 warnings, instead:
Content Security Policy: allow directive is deprecated, use the equivalent
default-src directive instead
...conds();wa=na.getUTCMilliseconds();}na=(pa<=0||pa>=10000?(pa<0?"-":"+")+o(6,pa<0...
all.js (line 27)
The X-Content-Security-Policy and X-Content-Security-Report-Only headers will be deprecated in the future. Please use the Content-Security-Policy and Content-Security-Report-Only headers with CSP spec compliant syntax instead.
"Content Security Policy: allow directive is deprecated, use the equivalent default-src directive instead"
"The X-Content-Security-Policy and X-Content-Security-Report-Only headers will be deprecated in the future. Please use the Content-Security-Policy and Content-Security-Report-Only headers with CSP spec compliant syntax instead."
Use of getPreventDefault() is deprecated. Use defaultPrevented instead.
{href:function(a){return a.getAttribute("href")},type:function(a){return a.getAt
jquery.min.js (line 3)
My guess is that the errors/warnings are due to the way the Facebook like button is engineered and how it interacts with Firefox and other browsers. The change in warnings and errors to these new warnings seems to indicate that Facebook and/or Mozilla are working on this issue and will hopefully fix it...???
yesterday, 4/29/2014 This was officially classified as a Facebook known bug issue I created and is currently being addressed. Below is text from the FB email to me:
The bug you are subscribed to "like button works but errors show onload in firebug "Content Security Policy: Failed to parse unrecognized source chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl"" has been updated:
Status has changed: Closed → Assigned
Hi All, We have managed to reproduce this issue and it appears to be a valid bug. We are assigning this to the appropriate team. This might take some time to fix but we will do our best to keep you updated on the progress of this bug as soon as we can. Thanks
today, 5/07/2014 I just received an email from Facebook stating,
"Status has changed: Assigned → Fixed
This should now be resolved. Thanks for your patience."
Looks good on my end, no longer an issue.
I deleted all FF extensions, and started from clean FF 28 installation.
Installed firebug and user agent overrider add-ons and did not get this error.
Then, I changed user agent and an error shows up on some agents and does not on some.
Error shows up on following agents:
Mac / chrome 32
linux / chrome 32
windows / chrome 32
Android / chrome 32
FYI,
I recently encountered this issue while adding the Facebook javascript login while working in Firefox (28) Private browsing.
I noticed that my Firebug console would consistently display
"Couldn't parse invalid source chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl" etc...
It wasn't until I closed my browser completely that this message went away.
This meant that while I was testing my app I would need to completely close out of my browser to refresh the application, not just my private windows but all windows and console log windows as well.
I did not test this in other browsers just Firefox 28.
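To find which response carries the policy behind the console messages quoted in this thread, the headers can be checked directly. This is an added example in JavaScript, not part of the original posts or of the Facebook SDK; the sample headers are constructed, and matching only the `chrome-extension:` scheme is an assumption taken from the message quoted above.

```javascript
// Added example: lint response headers for the CSP problems quoted in this thread.
const LEGACY_HEADERS = [
  "x-content-security-policy",
  "x-content-security-policy-report-only",
];
const STANDARD_HEADERS = [
  "content-security-policy",
  "content-security-policy-report-only",
];
// Browser-specific scheme; only the one seen in the thread is listed (extend as needed).
const EXTENSION_SCHEME = /^chrome-extension:/i;

// Split one policy string into { directive, sources } entries.
function parsePolicy(policy) {
  return policy
    .split(";")
    .map((part) => part.trim())
    .filter((part) => part.length > 0)
    .map((part) => {
      const [directive, ...sources] = part.split(/\s+/);
      return { directive: directive.toLowerCase(), sources };
    });
}

// Return one finding per problem so each can be traced to a header and directive.
function lintCspHeaders(headers) {
  const findings = [];
  for (const [rawName, value] of Object.entries(headers)) {
    const header = rawName.toLowerCase();
    const legacy = LEGACY_HEADERS.includes(header);
    if (!legacy && !STANDARD_HEADERS.includes(header)) continue;
    if (legacy) findings.push({ header, issue: "legacy-header" });
    for (const { directive, sources } of parsePolicy(String(value))) {
      if (directive === "allow") {
        findings.push({ header, issue: "deprecated-allow", directive });
      }
      for (const source of sources) {
        if (EXTENSION_SCHEME.test(source)) {
          findings.push({ header, issue: "extension-source", directive, source });
        }
      }
    }
  }
  return findings;
}

// Constructed sample headers (not captured from Facebook or any real site).
const sampleHeaders = {
  "Content-Type": "text/html",
  "X-Content-Security-Policy":
    "allow 'self' chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl; img-src *",
  "Content-Security-Policy":
    "default-src 'self' chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl",
};

for (const f of lintCspHeaders(sampleHeaders)) {
  console.log(`${f.header}: ${f.issue} ${f.directive || ""} ${f.source || ""}`.trim());
}
```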

xcode project always gets facebook login fail status

I encountered a Facebook login problem. I installed FB SDK 3.0 and the sample projects seemingly run well --- not quite sure though. When I create a button in my own project and try to log in to Facebook, I always get FBSessionStateClosedLoginFailed from the sessionStateChanged method, although I apparently get the page "You have already authorized this app. Press Okay to continue". I also tried logging out through the Simulator Safari Facebook page, and re-launched my project and I got a new username/password page and I then logged in, but I still get FBSessionStateClosedLoginFailed!
A few more observations.
1, I got FBSessionStateClosedLoginFailed through NSLog; the log comes up right after I clicked the Okay button on the Facebook page "You have already authorized this app."
2, I tried cleaning the Xcode project cache, but no help.
Kind of frustrated. I wonder if any of you can help on this problem. Appreciated!
-Tony
Addition:
I did a bit more research, and I found what I have is probably a typical problem, as Facebook highlights here ("Pro-tip 3: Complete all iOS App Settings" section in page http://developers.facebook.com/docs/howtos/login-with-facebook-using-ios-sdk/). The image with a big red cross over the iPhone is exactly what I have. From the Xcode project, I click my login button, and I'm directed to this page, and every time I have to click "Okay" on this page (let me call it Okay_page) to go back to my app in the Simulator, however with login status as FBSessionStateClosedLoginFailed. I checked the bundle ID, I have it correct. I don't have a 'YOUR_IPHONE_APP_STORE_ID' yet, which I believe I need to pay Apple to get, and I will do it later but not while I'm still working on it.
Now I have a couple of questions:
1, Do I have to have YOUR_IPHONE_APP_STORE_ID to skip this Okay_page?
2, Does this (not automatically re-directed back to my app from this Okay_page) have anything to do with the fact that I always get a login status of FBSessionStateClosedLoginFailed when I manually click Okay in this Okay_page and return to my app in the Simulator? In other words, is (that I have to manually click Okay to get back to my app in the Simulator) (the reason I got a status of FBSessionStateClosedLoginFailed)?
Did you set this function in AppDelegate?
-(BOOL)application:(UIApplication *)application openURL:(NSURL *)url sourceApplication:(NSString *)sourceApplication annotation:(id)annotation {
return [FBSession.activeSession handleOpenURL:url];
}
I had the same issue:
We created the Facebook app (developer.facebook.com) setting our
bundle id (ex. com.MyCompany.MyApp)
Of course, we created our iOS app with the same bundle id
After we delivered our app to the client, he changed the bundle id
without notifying us.
Obviously he started to get FBSessionStateClosedLoginFailed errors!
So, you probably have different bundle id's between your iOS project and your Facebook App.
I had this error and couldn't resolve it for quite some time. It turns out that if you are using the native iOS Facebook account in settings and choose "no" for allow Facebook for this app, the app is blocked by the OS. You will always get the FBSessionStateClosedLoginFailed error and there is nothing you can do inside the code to fix this (99% sure). The best you can do is alert the user to check out the settings.
I was typing the wrong line in the method given below. self.session was nil
return [self.session handleOpenURL:url];
it should be
return [[FBSession activeSession] handleOpenURL:url];
Use the following method.
- (BOOL)application:(UIApplication *)application
openURL:(NSURL *)url
sourceApplication:(NSString *)sourceApplication
annotation:(id)annotation {
// attempt to extract a token from the url
return [[FBSession activeSession] handleOpenURL:url];
// return [self.session handleOpenURL:url];
}
I fixed this problem after I reset the simulator. iOS Simulator - Reset Content and Settings..., hope to help.
I had this issue because I was calling [FBSession.activeSession close] in my applicationDidEnterBackground: app delegate callback. This closed the session so that when the redirect brought the app back up to open the session, it failed because it had been put into the closed state.
Make sure that you're not closing the session anywhere before you get to the Okay page.
Go to Facebook.com. Open your application on the left panel -> Status & Review -> there is a toggle with text "Do you want to make this app and all its live features available to the general public?". Turn it on.
Well, I followed FBLoginCustomUISample somewhere on github.com and it was a working example of a Facebook login implementation from Facebook itself. You can also read my workaround while creating a Facebook login feature in an iOS app. Here is a link from me:
Native iOS Facebook SSO won't return to app
