Thanks for the code.

I'm using this behind an Haproxy load balancer which does SSL termination. So I'm within an http:// call.

RedirectLoginHelper has this:

$redirectUrl ??= $this->urlDetectionHandler->getCurrentUrl();

UrlDetectionHandler::isBehindSsl will return http:// in this case, but I will want it to use https:// because it'll go to the load balancer.

I'm not sure that Facebook still supports API access over HTTP - I'm getting it returning errors about my domain being invalid (which it's not).

Is there any way to override to always use SSL?

You can write your own class with interface UrlDetectionInterface and insert it to config parameter url_detection_handler.