We configure social login apps for our newly created discourse site. Success with Google and Twitter but we failed with Facebook. During the Basic Settings, our “Privacy Policy” url was rejected multiple times. It is obviously located at .com/privacy/. It is publicly accessible via all browsers. Any help appreciated.
Can you view the privacy policy URL in incognito / anonymous mode, or in a different web browser you do not normally use?
Yes, including IE, Yandex Browser and Mobile.
You may need to take that up with Facebook, we have no other reports of this.
Yes you’re right. I also think it’s a Facebook related issue. Thanks mate.
I am having the same issue, did find out a solution?
When setting up Discourse (in a different context) I mistakenly used http instead of https for a link. I wonder whether you did this here. I installed the Facebook sign in plugin last month and it went all right.
I checked and i did use https.
Whatever error message you are getting, search the internet for it as I’m sure you’re not the first.
Did Facebook give you any more detail? We haven’t run into this so any information will have to be provided to/by you.
Hmm, if they’re looking for deletion information, try setting it to /tos
instead and see if that makes them happy.
Alternatively, edit your privacy policy to include a “send a private message to @moderators to remove your own information from the forum” statement.
There is some stuff about it here: Overview - Facebook Login - Documentation - Meta for Developers and Data Deletion Callback - Meta App Development - Documentation - Meta for Developers
I don’t know if that’s exactly the right place to look.
That sounds like the best way round it. If Discourse were to delete all the Facebook data automatically (I can’t remember - it’s just name, email and profile picture I think) then it would effectively mean anonymising the Discourse user, which mightn’t be what the user wanted when removing the login app from Facebook.
I don’t remember any of this from when I set up Facebook login - I just blindly followed the instructions from this forum and it seemed to work ok.
Edit: Thinking again, I don’t think there is any review process for what Discourse needs. Maybe you ticked something wrong at an earlier stage (asking for too much information)? Or maybe there’s just an new empty box for the deletion information that needs an URL that wasn’t mentioned in the instructions.
I’ve just checked at https://developers.facebook.com/ and there is now an extra input box which isn’t shown in the instructions at step 5 of Configuring Facebook login for Discourse.
It is underneath “Privacy Policy URL” and is called “User Data Deletion”. It lets you enter a URL for “Data Deletion Callback URL” or “Data Deletion Instructions URL”. The prompt in the box says “You can also provide a link”. My box is blank and I don’t propose to change anything in case I break it…
A tooltip states: “The General Data Protection Regulation (GDPR) requires developers to provide a way for people to request that their data be deleted. To be compliant with these requirements, you must provide either a data deletion request callback or instructions to inform people how to delete their data from your app or website. Learn More”
As an update i entered the URL of my privacy policy on this Facebook debugger, and i get this result:
Seems those are missing but not sure how to fix this.
These could be added in meta tags using a theme component, I think. There’s something about og:type at The Open Graph protocol
Leaving it blank for now seems like a reasonable approach to me.
I just configured Facebook logins for my test site. I added a Data Deletion section to my Discourse site’s Privacy page. In that section I explained both how to remove permissions for the Facebook App from the Associated Accounts section of the user’s preferences page and how to request account deletion or anonymization by contacting the site’s Staff group. I then added a link to that section of the Privacy page to the Facebook User Data Deletion field.
I am not certain that this meets Facebook’s criteria, but I was able to set the app to Live. Facebook login is now working on the site. I’ll keep an eye on it to see if Facebook requests any changes to the app’s configuration.
Can you share your Data Deletion section that you added to your Privacy page?, seems this is the way.
I wasn’t sure exactly what they were looking for, so I added two sections to my site’s Privacy page:
Data Deletion
Accounts on this site can be anonymized or deleted at the users request. Contact our
@support
group for details.App Removal
Any apps authorized for logging users onto the site can be removed by going to the Associated Accounts section of a user’s preferences page.
I configured the headings for these sections as anchor links and then included the anchor for the first section in the URL that I added to the Data Deletion Instructions URL on Facebook (https://forum.example.com/privacy#data-deletion
).
It’s not clear to me if Facebook is wanting details about how to remove their app to be displayed, but I don’t think it could hurt to give that information.
At this point, this is my best guess about how to meet Facebook’s criteria. I’ll try to confirm that and update the topic at Configure Facebook login for Discourse soon with details.
I added the same two sections with anchors links as you suggested and an important step on User Data Deletion i added my site’s Privacy page as Data Deletion Callback URL, afterwards Facebook asked me a Category for my site and selected as requested. Doing these three steps i could finally switch it to live mode and after on Products i configured a Facebook Login.