login-flow | : key : A login/register flow built with React & Redux | Frontend Framework library

Last night Facebook disabled our app with the following justificative:

Developer Policy 6.1: Verify that you have integrated Login correctly. Your app shouldn't crash or hang during the testing process.

During Login, your app is crashing or hanging excessively, creating a broken experience for people trying to use your app. To make sure this flow runs smoothly, check that you've integrated Facebook Login correctly. We recommend that you test Login on all integrations. If you have not already done so, please:

• Here's our quickstart guide for implementing Facebook Login for Android: https://developers.facebook.com/docs/facebook-login/android • We encourage you to test your Login integration following these steps here: https://developers.facebook.com/docs/facebook-login/testing-your-login-flow/ • Best Practices for Login can be found here: https://developers.facebook.com/docs/facebook-login/best-practices

After going through the app options for Facebook Login, I found out that our public_profile permission is in "Standard Access." To allow our users to use Facebook Login, I will need to upgrade to "Advanced Access."

The documentation says that "Business apps created before February 16, 2021, were automatically approved for Advanced Access for the email and public_profile." I should be able to move our public_profile permission to "Advanced Access" because our app was created way before 2021. The problem is that after I click on the "Get Advanced Access" button and type my password, the page reloads, and the public_profile permission is still on the "Standard Access" mode.

So, these are my questions: what I am doing wrong? Is my app unable to upgrade our permissions to "Advanced Access" while being in this "Disabled" state? How can I debug my app to make it work again?

Some additional info about my app:

• It passed through the Facebook App Review in 2019, and we already got permission to manage Pages and read connected Instagram accounts;
• Everything was working fine until Facebook warned us that our Login integration was not working correctly;
• In response to the Facebook notification and before Facebook disabled our app, we enabled the "Login with the JavaScript SDK" and updated the "Allowed Domains for the JavaScript SDK" (such as "https://www.example.com/").
• I can't switch back our app to "Dev Mode" because the option is not showing up (is it due to being "Disabled"?)

Trying to refresh my long lived access token via this endpoint:

https://developers.facebook.com/docs/instagram-basic-display-api/guides/long-lived-access-tokens#refresh-a-long-lived-token

Keep getting the error: OAuth "Facebook Platform" "invalid_token" "Invalid OAuth access token."

However, I debug my token using https://developers.facebook.com/tools/debug/accesstoken/ which shows that it is valid and for around 2 months (which proves its a long lived access token).

Does this endpoint not work anymore or am I missing something?

P.S. I'm using a User Access Token, its a public Instagram business account backed by a Facebook page. Also, I'm using this on server, so it won't refresh if the token is used within 60 days (that's what happens when you auth through FB mobile sdk).

EDIT

So it looks like there are two requirements that I missed:

1. Your long lived access token has to be at least 24 hours old in order to refresh
2. You need the 'instagram_graph_user_profile' permission/scope when logging your user into Facebook

HOWEVER

I tried:

1. Oddly enough, whenever I add that permission/scope to the list, Facebook Login always fails and says "There's something wrong". I tried this using the facebook login react npm package, the manual login flow by just making requests, and the FB SDK login button, all the same result.
2. The Facebook Graph API Explorer doesn't include this permission. However, the list of permissions they have does include it.

So what does this mean, Facebook isn't allowing refresh of long lived tokens?

NOTE: The docs on how to refresh a long lived access token are for the Basic Display API, which isn't recommended for business accounts (which is who will be using my app). So this makes me more unsure of if it is possible to refresh tokens for the Instagram Graph API.

MORE INFO

So on the FB developer portal, if you add the Instagram Basic Display product to your app (I previously didn't have it) it allows you to ask for the instagram_graph_user_profile permission. However, this brings up more questions:

1. Do I have to use Insta Graph API + Insta Basic Display in order to get a a refreshable long lived access token?
2. If so, how does that work? Because Insta Basic Display is recommended for personal accounts and Graph API is for business accounts.
3. If so, how do I add the instagram_graph_user_profile permission? It still causes FB login to fail.

I've got an issue with a new Keycloak installation that I'm working on.

I've got a PHP-based app which authenticates users via Keycloak. This works fine as long as I use local users (users stored in the Keycloak-realm).

I want the users to be able to authenticate through an external IdP though. To achieve this, I've added this OIDC-IdP through the Keycloak Admin interface.

Everything works fine the first time a user logs in. If the user logs out and reattempts a login, Keycloak shows an error page: "We are sorry... Invalid username or password."

The logging at this point shows the following:

Please do not mark this as duplicate, I have read these SO question already but still, it is not working navigation component popUpTo bug Android navigation component popUpTo behaviour Android Navigation Component + Login Flow + Nested BottomNavigationView

I am using