I've been implementing an OAuth2 client application, and integrating it with various OIDC and non-OIDC social login services like Google, GitHub, etc. Facebook is an interesting case. It appears to implement everything needed for OIDC to work, except putting the token endpoint in the discovery document[0], requiring a small amount of special logic in my app to add it manually. It's such a strange oversite that it seems deliberate. Any ideas what the rationale is for this?[0]: https://www.facebook.com/.well-known/openid-configuration