Today, March 27, 2017, at 1235h PST, the Azure AD B2C monitors detected failures in new authentications when Facebook was used as the identity provider (most existing sessions would continue unaffected). The team has discovered that Facebook has implemented a change in the method they use to send their response from the access_token endpoint. The query response method, which was expected by Azure AD B2C, has been deprecated in favor of a JSON -formatted response.
FIX: The Azure AD B2C team has RESOLVED the issue for 100% of our impacted Azure AD B2C Standard customers. No action is needed.
Jose Rojas, Principal Program Manager, Azure AD B2C team
NOTE: A few tenants using some advanced private preview features (less than 1% of our total) with policies of the format B2C_1A_name must make an addition to their policies. The B2C team has contacted all tenants with active Facebook usage. All private preview developers are advised to add the following to their Facebook Technical Profile’s metadata section. Reach out to us at AADB2CPreview@microsoft.com with questions.
<!– The Facebook required HTTP GET method, but the access token response is in JSON format from 3/27/2017 –>