From 1 August 2018, Facebook needs to review all websites that use their API for anything but the most basic login mechanism.
On https://developers.facebook.com/docs/facebook-login/permissions you can see what user data can be obtained without Facebook review. They are: id, first_name, last_name, middle_name, name, name_format, picture, short_name, and email.
As far as I can see, Moodle also requests the Facebook field 'link' (which, strangely, is not mentionend on the above webpage, although 'user_link' is).
Does this mean that a Moodle installation that uses Facebook login must be reviewed by Facebook? And if so, is there a way to remove the offending 'link' request?
(More information at https://developers.facebook.com/docs/apps/review/faqs/?fragment=graph-api-3-0.)