Facebook Security Updates - Strict URI Matching

Created by Todd Zabel (Unlicensed)
Last updated: Feb 13, 2018
2 min read

In order to enhance security for Facebook apps, Facebook will begin requiring strict URI matching for redirect URIs in the Facebook app configuration beginning in March 2018 (Facebook has not been more specific than the March timeframe).

Any newly created apps or apps using API v2.11 are now subject to the strict URI matching requirement.


The Facebook error message we have seen which corresponds to this new policy is:

"Can't Load URL: The domain of this URL isn't included in the app's domains. To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings."  


Janrain customers using Facebook login will need to audit their Facebook app Login Settings and update the Valid OAuth redirect URIs list.


The URI that should be listed here is the same URI provided in your Janrain dashboard for the Site URL setting.

It will have the following format:

https://engage-app-name.rpxnow.com/facebook/callback

Just replace ‘engage-app-name’ with the name of your Engage app and update the setting in your Facebook app.

We’ll be updating our dashboard and docs site soon with these details as well.