Alright, let's dive into why your Facebook login is failing for the review team even though it works perfectly on your end. Here are the most likely culprits and how to fix them:

1. 测试用户的有效性或使用问题 #

Even though you provided test users, there are a few critical checks to make:

• Did test users accept the app invitation? When you add a test user in the Facebook App Dashboard, they receive an email invite—if they didn’t accept it, they won’t be able to log in to your app in Development mode.
• Is the review team actually using the test users? Sometimes reviewers might accidentally use their personal accounts instead of the provided test users. You can clarify this in your review notes to avoid confusion.
• Test user account status: Ensure the test users don’t have any restrictions (like being flagged for suspicious activity) that could block their login access.

2. 哈希密钥配置疏漏 #

You mentioned adding debug and release hashes, but a common oversight here could be:

• Google Play App Signing hash mismatch: If you’re using Google Play’s App Signing feature (standard for most apps), the release hash you need to add to Facebook isn’t from your local keystore—it’s the SHA-1 from Google Play’s App Signing Certificate.
  • To get this value: Go to Google Play Console → Your App → Release → Setup → App Signing → Copy the SHA-1.
  • Convert it to Base64 (required by Facebook) with this command:

    echo -n "YOUR_SHA1_HERE" | xxd -r -p | base64
    

  • Add this hash to your Facebook App Dashboard → Settings → Basic → Android → Release Key Hashes.
• Local release hash verification: If you’re submitting an APK signed with your local keystore, regenerate the hash to confirm it matches what’s in Facebook:

  keytool -exportcert -alias YOUR_KEY_ALIAS -keystore YOUR_KEYSTORE_PATH | openssl sha1 -binary | openssl base64
  

3. 权限请求与审核状态冲突 #

Your code requests user_birthday and user_gender—these are extended permissions that require Facebook’s explicit approval. Here’s the catch:

• In Development mode, your test users can access these permissions without approval, but during review, Facebook may simulate the post-approval environment (or the reviewer might be using a non-test user account, where permission requests fail silently).
• Fix:
  • Make sure you’ve properly submitted these permissions for review in the Facebook App Dashboard → App Review → Permissions and Features. Include clear, specific explanations of how your app uses this data.
  • Add fallback logic in your code to handle permission denial. For example, if the user doesn’t grant user_birthday, don’t let that crash the entire login flow.

4. 登录回调的错误处理缺失 #

Looking at your code, you haven’t included the full FacebookCallback implementation—specifically the onFailure method. Without detailed error logging, you can’t see the exact reason for the login failure.

• Update your callback to log errors clearly:

  login_button.registerCallback(callbackManager, object : FacebookCallback<LoginResult> {
      override fun onSuccess(loginResult: LoginResult) {
          firebaseAuthFacebookSignIn(loginResult.accessToken)
      }
  
      override fun onCancel() {
          Log.d("FBLogin", "Login cancelled by user")
      }
  
      override fun onFailure(exception: Exception) {
          Log.e("FBLogin", "Login failed with error", exception)
          // You can also display this error to the user for debugging purposes
      }
  })
  

• Ask the review team to share the exact error message or logs they see—this will pinpoint the issue far faster than guessing.

5. 开发模式的隐性限制 #

Even in Development mode, some edge cases can block login for external users:

• IP restrictions: If you’ve set up IP whitelisting in your Facebook app settings, the review team’s IP might be blocked. Check this in App Dashboard → Settings → Advanced → Security → IP Allowlist.
• App visibility: Confirm your app is set to "Development" mode (not "Live") and that test users are correctly added to the "Roles" → "Test Users" section.

Next Steps to Debug #

1. First, confirm the review team is using your provided test users. If not, guide them to do so explicitly.
2. Regenerate and verify all relevant hash keys (local release, Google Play App Signing) in Facebook’s dashboard.
3. Check that your extended permissions are properly submitted for review with clear use cases.
4. Add detailed error logging to your login flow and request the review team’s specific error details.

内容的提问来源于stack exchange，提问作者Zorgan