@Sadi: that's exactly the problem: by default (if that "AllowedSchemes" option is not used) we only use HTTPs. But with facebook this doesn't work, because even if you start authenticating to facebook over HTTPs, at a certain point you get redirected to a plain HTTP page (if only for a short time).
@Sadi: that's exactly the problem: by default (if that "AllowedSchemes" option is not used) we only use HTTPs. But with facebook this doesn't work, because even if you start authenticating to facebook over HTTPs, at a certain point you get redirected to a plain HTTP page (if only for a short time).