The problem is that function sfc_remote in file sfc-base.php is not properly parsing the oauth/access_token response from Facebook, which then causes “Malformed access token” errors.
The following change solved my login problem where the user’s e-mail address was not being provided:
I replaced the following problem code:
if (!is_wp_error($resp) && 200 == wp_remote_retrieve_response_code( $resp )) {
    $args['access_token'] = str_replace('access_token=','',$resp['body']);
    $saved_access_tokens[$obj] = $args['access_token'];
with:
if (!is_wp_error($resp) && 200 == wp_remote_retrieve_response_code( $resp )) {
    // Parse the response body as a query string instead of stripping a prefix,
    // so only the access_token value is kept.
    $fb_params = array();
    parse_str($resp['body'], $fb_params);
    $args['access_token'] = $fb_params['access_token'];
    $saved_access_tokens[$obj] = $args['access_token'];
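
Added example (not part of the original post or of the plugin's code): it runs the old `str_replace` extraction and a `parse_str`-based extraction side by side on constructed response bodies, showing how any extra parameter ends up inside the stored token. The helper name `example_extract_access_token`, the sample bodies, the `expires` parameter and the JSON branch are assumptions made for illustration and go beyond the single case in the post.

```php
<?php
// Added illustration; every response body below is constructed sample data.

/**
 * Hypothetical helper: pull access_token out of an oauth/access_token
 * response body. Returns the token string, or null when none is present.
 */
function example_extract_access_token($body) {
    $body = trim((string) $body);
    if ($body === '') {
        return null;
    }
    if ($body[0] === '{') {
        // Assumed alternative format: a JSON object carrying the token.
        $data = json_decode($body, true);
        $token = (is_array($data) && isset($data['access_token']))
            ? $data['access_token'] : null;
    } else {
        // Query-string format: access_token=...&other=...
        $params = array();
        parse_str($body, $params);
        $token = isset($params['access_token']) ? $params['access_token'] : null;
    }
    // Never hand back an empty or non-string value as a token.
    return (is_string($token) && $token !== '') ? $token : null;
}

$samples = array(
    'access_token=EXAMPLETOKEN123',                       // token only
    'access_token=EXAMPLETOKEN123&expires=5183999',       // token plus extra field
    '{"access_token":"EXAMPLETOKEN123","expires_in":60}', // JSON body
    '{"error":{"message":"constructed error"}}',          // no token at all
);

foreach ($samples as $body) {
    // Old behaviour from the post: strip the prefix, keep everything else.
    $old = str_replace('access_token=', '', $body);
    $new = example_extract_access_token($body);
    printf("old: %s\nnew: %s\n\n", $old, var_export($new, true));
}
```

Only the first sample yields a clean token with the old code; in the other three the leftover parameters or the whole body would be saved and sent as the token, while the helper returns either the bare token or `null`.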