From 949c7bb276e463dbb9c847efd038d56d0615d03b Mon Sep 17 00:00:00 2001
From: aeneasr <3372410+aeneasr@users.noreply.github.com>
Date: Wed, 13 Nov 2024 09:24:20 +0100
Subject: [PATCH 1/2] chore: use facebook graph api v21

---
 selfservice/strategy/oidc/provider_facebook.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/selfservice/strategy/oidc/provider_facebook.go b/selfservice/strategy/oidc/provider_facebook.go
index 8bbca9b24e83..919912b459bd 100644
--- a/selfservice/strategy/oidc/provider_facebook.go
+++ b/selfservice/strategy/oidc/provider_facebook.go
@@ -69,7 +69,7 @@ func (g *ProviderFacebook) Claims(ctx context.Context, token *oauth2.Token, quer
 	}
 
 	appSecretProof := g.generateAppSecretProof(token)
-	u, err := url.Parse(fmt.Sprintf("https://graph.facebook.com/me?fields=id,name,first_name,last_name,middle_name,email,picture,birthday,gender&appsecret_proof=%s", appSecretProof))
+	u, err := url.Parse(fmt.Sprintf("https://graph.facebook.com/v21.0/me?fields=id,name,first_name,last_name,middle_name,email,picture,birthday,gender&appsecret_proof=%s", appSecretProof))
 	if err != nil {
 		return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err))
 	}

From 865c8611e411d92f1eb7e5cc9affb5fe5a29ce4a Mon Sep 17 00:00:00 2001
From: aeneasr <3372410+aeneasr@users.noreply.github.com>
Date: Wed, 13 Nov 2024 09:41:53 +0100
Subject: [PATCH 2/2] chore: synchronize workspaces

---
 selfservice/strategy/oidc/provider_facebook.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/selfservice/strategy/oidc/provider_facebook.go b/selfservice/strategy/oidc/provider_facebook.go
index 919912b459bd..2f7a0a58aff0 100644
--- a/selfservice/strategy/oidc/provider_facebook.go
+++ b/selfservice/strategy/oidc/provider_facebook.go
@@ -69,7 +69,12 @@ func (g *ProviderFacebook) Claims(ctx context.Context, token *oauth2.Token, quer
 	}
 
 	appSecretProof := g.generateAppSecretProof(token)
-	u, err := url.Parse(fmt.Sprintf("https://graph.facebook.com/v21.0/me?fields=id,name,first_name,last_name,middle_name,email,picture,birthday,gender&appsecret_proof=%s", appSecretProof))
+	// Do not use the versioned Graph API here. If you do, it will break once the version is deprecated. See also:
+	//
+	// When you use https://graph.facebook.com/me without specifying a version, Facebook defaults to the oldest
+	// available version your app supports. This behavior ensures backward compatibility but can lead to unintended
+	// issues if that version becomes deprecated.
+	u, err := url.Parse(fmt.Sprintf("https://graph.facebook.com/me?fields=id,name,first_name,last_name,middle_name,email,picture,birthday,gender&appsecret_proof=%s", appSecretProof))
 	if err != nil {
 		return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err))
 	}