How safe is Facebook integration in ONLYOFFICE Workspace

Hello!

We got some questions on how we use Facebook in ONLYOFFICE and whether we pass any of our users’ data to it. You’ll find the answers in this post.

Does ONLYOFFICE Workspace include Facebook trackers?

No, ONLYOFFICE Workspace does not collect any data — we don’t use any activity trackers such as Facebook analytics. We don’t use any other Facebook SDK either.

How Facebook is used?

There are 3 main purposes:

• login via Facebook,
• sharing links to portal content,
• sharing a portal invitation link.

Is authentication via Facebook safe?

In ONLYOFFICE Workspace, we do use oAuth from Facebook.

Logging into Facebook and obtaining an access code is performed in a separate window. After that, the portal gets an access token and your Facebook profile is requested and linked to your ONLYOFFICE account.

No information is transmitted from the portal to Facebook during this process. See source code

How to disable Facebook authentication?

Logging in via Facebook can be enabled and disabled in the self-hosted version of ONLYOFFICE Workspace: Services -> Integration -> Third-party Services.

More information can be found in our Help Center.

In the cloud version, logging in via Facebook is enabled by default for paid tariffs.

Is sharing links and inviting people via Facebook safe?

In both cases, ONLYOFFICE uses a mechanism for posting to a user’s Facebook profile. However, no Facebook scripts or SDK are used. We only insert a link: https: //www.facebook.com/dialog/feed?.

You can check our source code for both cases:

• • Inviting users. See source code

• Sharing a link to the portal content. See source code

My safety addon warns me that ONLYOFFICE uses Facebook. What do I do?

Such add-ons as Facebook Container for Firefox detect links to Facebook in the HTML code. We explained it above that this is safe and no data is passed to Facebook.

You can also check it yourself:

• Open the browser console.
• Check the request addresses in the Network tab: there will be no Facebook domain.
• Check the page HTML code: there will be a link to Facebook. It is safe.