Why is the Facebook Authentication SDK behaving so very differently depending on its mode?

Question

I have an Android app in the App Store. It uses Firebase on the back-end and provides social login via Facebook (and Google).

Recently Facebook contacted me to warn me that my app is crashing/not responsive when logging in via Facebook. Confused, I embarked upon some testing.

What I found is that if I use the Facebook login without the Facebook app installed, everything works perfectly. The user is shown a browser window, can login, and they get redirected back to my app and I have their identity. Of course, I found all this during development but just wanted to confirm that things were still working.

But when I install the Facebook app (something I neglected to do during development), I found that it no longer works. Instead, the user is redirect to this page:

For search and accessibility, the text in this image reads:

Login Error: There is an error in logging you into this application. Please try again later.

I have checked the logs when this occurs and found the following that may be relevant but I'm not really sure:

07-05 15:36:28.468   908  5828 I ActivityManager: START u0 {act=NATIVE_WITH_FALLBACK cmp=<<redacted>>/com.facebook.FacebookActivity (has extras)} from uid 10264 07-05 15:36:28.469   665   665 D QCOM PowerHAL: LAUNCH HINT: ON 07-05 15:36:28.470   665   665 D QCOM PowerHAL: Activity launch hint handled 07-05 15:36:28.495  4837  4837 W ActivityThread: handleWindowVisibility: no activity for token android.os.BinderProxy@e64bd3e 07-05 15:36:28.689   665   665 D QCOM PowerHAL: LAUNCH HINT: OFF 07-05 15:36:28.946 29406  4941 W fb4a.BlueServiceQueue: Exception during service 07-05 15:36:28.946 29406  4941 W fb4a.BlueServiceQueue: X.2LH: [code] 404 [message]: Key hash GtvUdcOKFRAE0RY0LIw5veCA+M8= does not match any stored key hashes. (404) [extra]: null 07-05 15:36:28.946 29406  4941 W fb4a.BlueServiceQueue:         at X.1eL.C(:93) 07-05 15:36:28.946 29406  4941 W fb4a.BlueServiceQueue:         at X.2sO.C(:26) 07-05 15:36:28.946 29406  4941 W fb4a.BlueServiceQueue:         at X.CvC.umA(:38) 07-05 15:36:28.946 29406  4941 W fb4a.BlueServiceQueue:         at X.2yi.handleResponse(:224) 07-05 15:36:28.946 29406  4941 W fb4a.BlueServiceQueue:         at X.1dO.run(:71) 07-05 15:36:28.946 29406  4941 W fb4a.BlueServiceQueue:         at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:458) 07-05 15:36:28.946 29406  4941 W fb4a.BlueServiceQueue:         at X.0r0.run(:2) 07-05 15:36:28.946 29406  4941 W fb4a.BlueServiceQueue:         at X.1qG.run(:2) 07-05 15:36:28.946 29406  4941 W fb4a.BlueServiceQueue:         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167) 07-05 15:36:28.946 29406  4941 W fb4a.BlueServiceQueue:         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641) 07-05 15:36:28.946 29406  4941 W fb4a.BlueServiceQueue:         at X.12V.run(:3) 07-05 15:36:28.946 29406  4941 W fb4a.BlueServiceQueue:         at X.1xB.run(:12) 07-05 15:36:28.946 29406  4941 W fb4a.BlueServiceQueue:         at java.lang.Thread.run(Thread.java:764) 07-05 15:36:28.981   908  8581 I ActivityManager: START u0 {cmp=com.facebook.katana/.ProxyAuth (has extras)} from uid 10264 07-05 15:36:28.982   665   665 D QCOM PowerHAL: LAUNCH HINT: ON 07-05 15:36:28.983   665   665 D QCOM PowerHAL: Activity launch hint handled 07-05 15:36:29.022 29406 29406 W ActivityThread: handleWindowVisibility: no activity for token android.os.BinderProxy@4f13a10 07-05 15:36:29.037 29406 29406 E Instrumentation: Uninitialized ActivityThread, likely app-created Instrumentation, disabling AppComponentFactory 07-05 15:36:29.037 29406 29406 E Instrumentation: java.lang.Throwable 07-05 15:36:29.037 29406 29406 E Instrumentation:       at android.app.Instrumentation.getFactory(Instrumentation.java:1224) 07-05 15:36:29.037 29406 29406 E Instrumentation:       at android.app.Instrumentation.newActivity(Instrumentation.java:1215) 07-05 15:36:29.037 29406 29406 E Instrumentation:       at X.05O.newActivity(:3382) 07-05 15:36:29.037 29406 29406 E Instrumentation:       at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2869) 07-05 15:36:29.037 29406 29406 E Instrumentation:       at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3086) 07-05 15:36:29.037 29406 29406 E Instrumentation:       at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:78) 07-05 15:36:29.037 29406 29406 E Instrumentation:       at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:108) 07-05 15:36:29.037 29406 29406 E Instrumentation:       at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:68) 07-05 15:36:29.037 29406 29406 E Instrumentation:       at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1816) 07-05 15:36:29.037 29406 29406 E Instrumentation:       at android.os.Handler.dispatchMessage(Handler.java:106) 07-05 15:36:29.037 29406 29406 E Instrumentation:       at android.os.Looper.loop(Looper.java:193) 07-05 15:36:29.037 29406 29406 E Instrumentation:       at android.app.ActivityThread.main(ActivityThread.java:6718) 07-05 15:36:29.037 29406 29406 E Instrumentation:       at java.lang.reflect.Method.invoke(Native Method) 07-05 15:36:29.037 29406 29406 E Instrumentation:       at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493) 07-05 15:36:29.037 29406 29406 E Instrumentation:       at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858) 07-05 15:36:29.045   908  2933 I ActivityManager: START u0 {flg=0x2000000 cmp=com.facebook.katana/com.facebook.gdp.ProxyAuth (has extras)} from uid 10262 07-05 15:36:29.047   665   665 D QCOM PowerHAL: LAUNCH HINT: ON 07-05 15:36:29.068 29406 29406 W ActivityThread: handleWindowVisibility: no activity for token android.os.BinderProxy@f095b27 07-05 15:36:29.069 29406 29406 E Instrumentation: Uninitialized ActivityThread, likely app-created Instrumentation, disabling AppComponentFactory 07-05 15:36:29.069 29406 29406 E Instrumentation: java.lang.Throwable 07-05 15:36:29.069 29406 29406 E Instrumentation:       at android.app.Instrumentation.getFactory(Instrumentation.java:1224) 07-05 15:36:29.069 29406 29406 E Instrumentation:       at android.app.Instrumentation.newActivity(Instrumentation.java:1215) 07-05 15:36:29.069 29406 29406 E Instrumentation:       at X.05O.newActivity(:3382) 07-05 15:36:29.069 29406 29406 E Instrumentation:       at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2869) 07-05 15:36:29.069 29406 29406 E Instrumentation:       at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3086) 07-05 15:36:29.069 29406 29406 E Instrumentation:       at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:78) 07-05 15:36:29.069 29406 29406 E Instrumentation:       at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:108) 07-05 15:36:29.069 29406 29406 E Instrumentation:       at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:68) 07-05 15:36:29.069 29406 29406 E Instrumentation:       at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1816) 07-05 15:36:29.069 29406 29406 E Instrumentation:       at android.os.Handler.dispatchMessage(Handler.java:106) 07-05 15:36:29.069 29406 29406 E Instrumentation:       at android.os.Looper.loop(Looper.java:193) 07-05 15:36:29.069 29406 29406 E Instrumentation:       at android.app.ActivityThread.main(ActivityThread.java:6718) 07-05 15:36:29.069 29406 29406 E Instrumentation:       at java.lang.reflect.Method.invoke(Native Method) 07-05 15:36:29.069 29406 29406 E Instrumentation:       at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493) 07-05 15:36:29.069 29406 29406 E Instrumentation:       at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858) 07-05 15:36:29.074   908  5828 I ActivityManager: START u0 {cmp=com.facebook.katana/com.facebook.gdp.LightWeightProxyAuthActivity (has extras)} from uid 10262 07-05 15:36:29.075   665   665 D QCOM PowerHAL: LAUNCH HINT: ON 07-05 15:36:29.121 29406 29406 W ActivityThread: handleWindowVisibility: no activity for token android.os.BinderProxy@d695c17 07-05 15:36:29.125 29406 29406 E Instrumentation: Uninitialized ActivityThread, likely app-created Instrumentation, disabling AppComponentFactory 07-05 15:36:29.125 29406 29406 E Instrumentation: java.lang.Throwable 07-05 15:36:29.125 29406 29406 E Instrumentation:       at android.app.Instrumentation.getFactory(Instrumentation.java:1224) 07-05 15:36:29.125 29406 29406 E Instrumentation:       at android.app.Instrumentation.newActivity(Instrumentation.java:1215) 07-05 15:36:29.125 29406 29406 E Instrumentation:       at X.05O.newActivity(:3382) 07-05 15:36:29.125 29406 29406 E Instrumentation:       at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2869) 07-05 15:36:29.125 29406 29406 E Instrumentation:       at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3086) 07-05 15:36:29.125 29406 29406 E Instrumentation:       at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:78) 07-05 15:36:29.125 29406 29406 E Instrumentation:       at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:108) 07-05 15:36:29.125 29406 29406 E Instrumentation:       at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:68) 07-05 15:36:29.125 29406 29406 E Instrumentation:       at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1816) 07-05 15:36:29.125 29406 29406 E Instrumentation:       at android.os.Handler.dispatchMessage(Handler.java:106) 07-05 15:36:29.125 29406 29406 E Instrumentation:       at android.os.Looper.loop(Looper.java:193) 07-05 15:36:29.125 29406 29406 E Instrumentation:       at android.app.ActivityThread.main(ActivityThread.java:6718) 07-05 15:36:29.125 29406 29406 E Instrumentation:       at java.lang.reflect.Method.invoke(Native Method) 07-05 15:36:29.125 29406 29406 E Instrumentation:       at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493) 07-05 15:36:29.125 29406 29406 E Instrumentation:       at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858) 07-05 15:36:29.166  4837  4846 W System  : A resource failed to call end. 07-05 15:36:29.250   665   665 D QCOM PowerHAL: LAUNCH HINT: OFF 07-05 15:36:29.266   908   952 I ActivityManager: Displayed com.facebook.katana/com.facebook.gdp.LightWeightProxyAuthActivity: +237ms 07-05 15:36:29.266 29463 29463 W BackgroundBroad: type=1400 audit(0.0:9257): avc: denied { read } for name="stats" dev="proc" ino=4026533031 scontext=u:r:untrusted_app:s0:c6,c257,c512,c768 tcontext=u:object_r:proc_qtaguid_stat:s0 tclass=file permissive=0 07-05 15:36:29.447   492  1273 D SurfaceFlinger: duplicate layer name: changing Surface(name=6e58560 com.facebook.katana/com.facebook.gdp.LightWeightProxyAuthActivity)/@0x13e5ed5 - animation-leash to Surface(name=6e58560 com.facebook.katana/com.facebook.gdp.LightWeightProxyAuthActivity)/@0x13e5ed5 - animation-leash#1 07-05 15:36:29.456   492  1273 D SurfaceFlinger: duplicate layer name: changing Surface(name=Dim Layer for - Task=2317)/@0x8471ddb - animation-leash to Surface(name=Dim Layer for - Task=2317)/@0x8471ddb - animation-leash#1 07-05 15:36:29.465   908  2933 I ActivityManager: START u0 {cmp=com.facebook.katana/.gdp.WebViewProxyAuth (has extras)} from uid 10262 07-05 15:36:29.467   665   665 D QCOM PowerHAL: LAUNCH HINT: ON 07-05 15:36:29.469   665   665 D QCOM PowerHAL: Activity launch hint handled 07-05 15:36:29.507 29406 29406 W ActivityThread: handleWindowVisibility: no activity for token android.os.BinderProxy@a7d9bb4 07-05 15:36:29.509 29406 29406 E Instrumentation: Uninitialized ActivityThread, likely app-created Instrumentation, disabling AppComponentFactory 07-05 15:36:29.509 29406 29406 E Instrumentation: java.lang.Throwable 07-05 15:36:29.509 29406 29406 E Instrumentation:       at android.app.Instrumentation.getFactory(Instrumentation.java:1224) 07-05 15:36:29.509 29406 29406 E Instrumentation:       at android.app.Instrumentation.newActivity(Instrumentation.java:1215) 07-05 15:36:29.509 29406 29406 E Instrumentation:       at X.05O.newActivity(:3382) 07-05 15:36:29.509 29406 29406 E Instrumentation:       at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2869) 07-05 15:36:29.509 29406 29406 E Instrumentation:       at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3086) 07-05 15:36:29.509 29406 29406 E Instrumentation:       at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:78) 07-05 15:36:29.509 29406 29406 E Instrumentation:       at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:108) 07-05 15:36:29.509 29406 29406 E Instrumentation:       at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:68) 07-05 15:36:29.509 29406 29406 E Instrumentation:       at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1816) 07-05 15:36:29.509 29406 29406 E Instrumentation:       at android.os.Handler.dispatchMessage(Handler.java:106) 07-05 15:36:29.509 29406 29406 E Instrumentation:       at android.os.Looper.loop(Looper.java:193) 07-05 15:36:29.509 29406 29406 E Instrumentation:       at android.app.ActivityThread.main(ActivityThread.java:6718) 07-05 15:36:29.509 29406 29406 E Instrumentation:       at java.lang.reflect.Method.invoke(Native Method) 07-05 15:36:29.509 29406 29406 E Instrumentation:       at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493) 07-05 15:36:29.509 29406 29406 E Instrumentation:       at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858) 07-05 15:36:29.517   908  8581 I ActivityManager: START u0 {cmp=com.facebook.katana/.gdp.ProxyAuthDialog (has extras)} from uid 10262 07-05 15:36:29.519   665   665 D QCOM PowerHAL: LAUNCH HINT: ON 07-05 15:36:29.567 29406 29406 W ActivityThread: handleWindowVisibility: no activity for token android.os.BinderProxy@19959e4 07-05 15:36:29.569 29406 29406 E Instrumentation: Uninitialized ActivityThread, likely app-created Instrumentation, disabling AppComponentFactory 07-05 15:36:29.569 29406 29406 E Instrumentation: java.lang.Throwable 07-05 15:36:29.569 29406 29406 E Instrumentation:       at android.app.Instrumentation.getFactory(Instrumentation.java:1224) 07-05 15:36:29.569 29406 29406 E Instrumentation:       at android.app.Instrumentation.newActivity(Instrumentation.java:1215) 07-05 15:36:29.569 29406 29406 E Instrumentation:       at X.05O.newActivity(:3382) 07-05 15:36:29.569 29406 29406 E Instrumentation:       at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2869) 07-05 15:36:29.569 29406 29406 E Instrumentation:       at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3086) 07-05 15:36:29.569 29406 29406 E Instrumentation:       at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:78) 07-05 15:36:29.569 29406 29406 E Instrumentation:       at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:108) 07-05 15:36:29.569 29406 29406 E Instrumentation:       at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:68) 07-05 15:36:29.569 29406 29406 E Instrumentation:       at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1816) 07-05 15:36:29.569 29406 29406 E Instrumentation:       at android.os.Handler.dispatchMessage(Handler.java:106) 07-05 15:36:29.569 29406 29406 E Instrumentation:       at android.os.Looper.loop(Looper.java:193) 07-05 15:36:29.569 29406 29406 E Instrumentation:       at android.app.ActivityThread.main(ActivityThread.java:6718) 07-05 15:36:29.569 29406 29406 E Instrumentation:       at java.lang.reflect.Method.invoke(Native Method) 07-05 15:36:29.569 29406 29406 E Instrumentation:       at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493) 07-05 15:36:29.569 29406 29406 E Instrumentation:       at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858) 07-05 15:36:29.651   492   540 D SurfaceFlinger: duplicate layer name: changing com.facebook.katana/com.facebook.katana.gdp.ProxyAuthDialog to com.facebook.katana/com.facebook.katana.gdp.ProxyAuthDialog#1 07-05 15:36:29.697   492  1763 D SurfaceFlinger: duplicate layer name: changing Dim Layer for - Task=2317 to Dim Layer for - Task=2317#1 07-05 15:36:29.720   665   665 D QCOM PowerHAL: LAUNCH HINT: OFF 07-05 15:36:29.731   492   540 W SurfaceFlinger: Attempting to set client state on removed layer: Dim Layer for - Task=2317#0 07-05 15:36:29.731   492   540 W SurfaceFlinger: Attempting to destroy on removed layer: Dim Layer for - Task=2317#0 

I noticed the use of NATIVE_WITH_FALLBACK mode and changed to WEB_ONLY to test. Whilst that gets me past the original problem pictured above, it creates another. Instead of asking me for login details, it shows the following:

Again, the text is:

You previously logged in to $MY_APP with Facebook. Would you like to continue?

If I choose to continue (there's no other choice but to cancel), it goes back to my app but Firebase gives me the ERROR_ACCOUNT_EXISTS_WITH_DIFFERENT_CREDENTIAL error, suggesting that the account is already associated with another provider. When I check in the Firebase console, the account shows as being a Facebook one. So it's like having the Facebook app installed makes Firebase think it's a separate social provider or something.

Finally, and somewhat out of desperation, I tried switching the authentication mode to WEB_VIEW_ONLY. Sure enough, this showed me exactly the same experience as when logging in without Facebook installed. Moreover, everything worked as expected.

My problem is that I'm not entirely sure what the implications of all this are (NOTE: see my update below). I remember reading somewhere about native Facebook login not really being a thing anymore (or perhaps it was the opposite and it should be used). Basically, I'm very confused and would really appreciate any answers to the following questions:

• Is using WEB_VIEW_ONLY an acceptable thing to do?
• Why does using NATIVE_WITH_FALLBACK show the error at the start of my post?
• Why does WEB_ONLY seem to treat the same account as a different provider?
• Why does the Facebook login SDK behave so very differently across these modes? I thought of them as being an innocuous preference that didn't have any impact on authentication itself, but gosh was I wrong.

Note that in all cases I'm following the official docs, including using the latest SDK version:

implementation 'com.facebook.android:facebook-login:[5,6)' 

Thanks for any assistance.

UPDATE: I updated my app to WEB_VIEW_ONLY and re-submitted it. Facebook have now told me:

Your App now is in violation of Platform Policy 8.2: Native iOS and Android apps that implement Facebook Login must use our official SDKs for Login. Please make sure your app is using the most recent version of our SDK for Login.

So I'm stuck between a rock and a hard place right now.

Answer 1

Heres the explanation of this problem:

07-05 15:36:28.946 29406 4941 W fb4a.BlueServiceQueue: Exception during service 07-05 15:36:28.946 29406 4941 W fb4a.BlueServiceQueue: X.2LH: [code] 404 [message]: Key hash GtvUdcOKFRAE0RY0LIw5veCA+M8= does not match any stored key hashes. (404) [extra]: null

Remember that the Key Hash that you configure in your facebook application, is related to the Keystore (certificate) with which your application is signed.

You must use Key hash with which you sign your application, if you do not know it, I suggest you get it again from your keystore:

https://developers.facebook.com/docs/android/getting-started/

Why does the Facebook login SDK behave so very differently across these modes? I thought of them as being an innocuous preference that didn't have any impact on authentication itself, but gosh was I wrong.

In web you don´t have problem but if you are inside an application you need to authorize the use of the application, and very important for this implementation in an android app, you need to use the Facebook SDK, and in this case you need to get the Key hash certificate with which your application is signed.