Bugs People Find, Part 3: Testing Facebook Login
Welcome to part 3 of our occasional series on weird software bugs that people find even when automated tests don’t.
Facebook Login is a boon for developers. Instead of forcing users to create a new username and password, you can let them log into your app or website with a couple of clicks. This is particularly valuable on mobile, where nobody wants to fill in a long registration form. Moreover, developers can ask for permission to access parts of the user’s Facebook profile, opening a world of possibilities.
But with these possibilities come complexity, and with complexity comes danger.
Facebook Login supports iOS, Android, Web, Windows, and a variety of Internet of Things devices. And each of the mobile platforms may have different versions of the operating system and the Facebook app. It’s very difficult to simulate all of these conditions in the lab, so most development teams don’t bother, which is fine….
Until it isn’t.
Because when even a small percentage of your users can’t log into your app, they get angry and you lose business. And once users have logged in, sometimes apps expect that a user has granted Facebook certain permissions (because that’s what the test users you’ve set up with Facebook have done) and don’t behave properly when those permissions aren’t set. There’s also likely a difference in your app’s internal logic between Facebook login for a first-time user (when an account is created) and Facebook login for an existing user, so ideally you want to test both flows.
Human testers test a variety of phones, operating systems, versions of Facebook, and sets of permissions, so they uncover problems that your automated tests and in-house teams miss. We catch a lot of errors with Facebook login.