How would you expect it to be "fixed"? Are you proposing the FacebookFixedOAuth2SerializationService as an addition to the framework? Or should we just add it to the sample? I'm not sure we want to start implementing workarounds in the framework itself for random incorrect specific implementations of the spec - it's hard enough keeping up with changes in the spec itself, never mind all the individual implementations. But your opinion is valuable, so if you disagree, or I just misunderstood something, please say.