Protocol: Using Facebook Login

This resource summarizes the information you need to successfully integrate Login and navigate the App Review and re-review processes.

FB Login Integration Best Practices

• Use Meta's SDKs
  • Be prepared to manage Access Tokens, and troubleshoot bugs and errors
  • If you DO NOT use Meta's SDK (which Meta does not recommend), review the Manually Build a Login Flow Developer Doc to learn about manually checking for token validity
• Follow Facebook resources for integrating Login:
  • Facebook Login for iOS
  • Facebook Login for Android
  • Facebook Login for the Web
  • Facebook Login for Devices
• When planning for the look and feel of your Login integration, follow Meta's Brand Resource Center and User Experience Design recommendations, and make sure you are adhering to the Developer Policies
• Only ask for permissions you need, and explain why
  • Refer to Meta's Permissions reference for allowed usages for each permission type
• Test integration integration thoroughly and adhere to FB guidelines for branding & UX
• Implement a data deletion callback as a best practice and to comply with laws like GDPR
• Prepare for App Review
  • Create a Screen Recording for each permission you are requesting
  • Check out Meta's App Review for Login - Examples
  • Review the Rejection Guides provided in the Developer Docs
  • Review the Before You Submit checklist
• Developer Support Page and the Facebook Developer Community group for support from your fellow developers

Review Process

When you're ready to submit for review, make use of Meta's Submitting for Review doc.

To help prepare yourself for the review process, follow these four best practices:

1. Have your app, plan, and submission in order
2. Have a regular testing cadence planned, with comprehensive test scenarios and use cases
3. List the features and permissions your app is requesting and and why you're requesting them
4. Be on brand for yourself - not someone else. Don't try to brand yourself as if you are associated with Facebook, or any other major company.

App Review Rejections

• Common reasons for rejection (main submission):
  • You're asking for data your app doesn't need
  • Meta is unable to test your app - you must grant access
  • You do not have a privacy policy
  • Your app is still in development
  • You're using a fake or personal account for testing
• If main submission is accepted, Facebook could still request more details, including:
  • Missing screen recordings
  • Your reasons for requesting access to certain data

For more help, check out the “Preparing for Initial App Review with FB Login checklist”.

For full details on rejections, use the Facebook Rejection Guides.

Disclaimer: This resource does not guarantee compliance with Meta policies, nor applicable data privacy laws. Review Meta's Platform Terms for a comprehensive overview of Meta's requirements.