Our web app uses Facebook and Google social logins. We've implemented those using the recommended approach with JS SDKs.

That was easy to do and works fine most of the time, but I've started to see many users facing issues with that when they access the web app using a private browsing mode or have other privacy-related settings turned on. Namely some browsers block the Facebook JS SDKs, and many block third-party cookies which breaks the default Google sign-in.

Given that I've started thinking about implementing the OAuth flow manually completely skipping the JS SDKs. Seems like this will give the most robust results, it is better for user's privacy and can save some bandwidth on the initial page load.

Have anyone followed the same route? Are there any concerns with this approach, e.g. about the security of SDK way vs the manual way?

See also:

• Google OAuth Flow
• Google JS SDK Sign-in
• Facebook OAuth Flow
• Facebook JS SDK Sign-in