XF 1.5 Facebook login: Upgrade API Version + https


I am using XF 1.5.22.
I am now receiving emails from Facebook saying that:
Your App currently has access to Graph API v2.7 which will reach the end of its 2-year lifetime on 05 October, 2018. To ensure a smooth transition, please migrate all calls to Graph API v2.8 or higher. Use the API Upgrade Tool to understand exactly how this change will impact your app.
On the Facebook for developers page I see:
Should I choose another API version (I can choose v2.8 or higher).

Also apparently from January 2019, FB will make changes to GET{user-id} so do we need to make a change?

Additional question: our website is not https currently. Does it mean that the FB login will stop working anyway at the beginning of October?
And should I use strict mode to validate URI? (but which URL then for XF 1.5 as there is no connected_account.php ):

Thanks in advance

PS: just saw a similar thread here: https://xenforo.com/community/threads/facebook-app-settings-review.149915/


  • 1538238471948.png
    32 KB · Views: 2
Last edited:


XenForo developer
Staff member
The emails/alerts about FB API versions are generally just informational -- they're letting you know that something you have access to is being shut, regardless of whether you use it. (In this case, we don't.)

So generally, there's no action you need to take.


Ok, thanks @Mike

What about Client OAuth Login? Shall I disable or shall I list a URI (and in that case which one as it seems that for XF 1.5 there is no file connected_account.php ) .

In any case should we be prevented to use the FB login if our site is not HTTPS?


XenForo developer
Staff member
The change regarding strict redirect URIs should have already changed, though in 1.x, the values you need to enter vary depending on specific URL settings (which doesn't apply in 2.0). You also need to be running 1.5.17+ to fully account for those changes.

The value of the URL you need to enter is explained here: https://xenforo.com/xf1-docs/manual/social-media/

I haven't seen any explicit indication that they're blocking non-HTTPS calls, though if they do, then the only resolution would be to move to/support HTTPS on your site.


On FB Developer's interface it says:
Use HTTPS, instead of HTTP, as an internet protocol, because it uses encryption. HTTPS keeps transmitted data private and guards against eavesdropping attacks. It also prevents data from being tampered with during transmission by, for example, introducing advertisements or malicious code.
On October 6, 2018, all apps will be required to use HTTPS.
Regardless when I log on
...forums/register/facebook I have the following:
I have added the URI but now in the ACP it says: