diff --git a/src/Security/Authentication/Facebook/src/FacebookDefaults.cs b/src/Security/Authentication/Facebook/src/FacebookDefaults.cs
index f1ff992ce5a2..d62c2221dc12 100644
--- a/src/Security/Authentication/Facebook/src/FacebookDefaults.cs
+++ b/src/Security/Authentication/Facebook/src/FacebookDefaults.cs
@@ -24,15 +24,15 @@ public static class FacebookDefaults
     /// <remarks>
     /// For more details about this endpoint, see <see href="https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#login"/>.
     /// </remarks>
-    public static readonly string AuthorizationEndpoint = "https://www.facebook.com/v14.0/dialog/oauth";
+    public static readonly string AuthorizationEndpoint = "https://www.facebook.com/v22.0/dialog/oauth";
 
     /// <summary>
     /// The OAuth endpoint used to retrieve access tokens.
     /// </summary>
-    public static readonly string TokenEndpoint = "https://graph.facebook.com/v14.0/oauth/access_token";
+    public static readonly string TokenEndpoint = "https://graph.facebook.com/v22.0/oauth/access_token";
 
     /// <summary>
     /// The Facebook Graph API endpoint that is used to gather additional user information.
     /// </summary>
-    public static readonly string UserInformationEndpoint = "https://graph.facebook.com/v14.0/me";
+    public static readonly string UserInformationEndpoint = "https://graph.facebook.com/v22.0/me";
 }
diff --git a/src/Security/Authentication/test/FacebookTests.cs b/src/Security/Authentication/test/FacebookTests.cs
index af088a9bc8c8..5ff71c3efe8e 100644
--- a/src/Security/Authentication/test/FacebookTests.cs
+++ b/src/Security/Authentication/test/FacebookTests.cs
@@ -230,7 +230,7 @@ public async Task NestedMapWillNotAffectRedirect()
         var transaction = await server.SendAsync("http://example.com/base/login");
         Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
         var location = transaction.Response.Headers.Location.AbsoluteUri;
-        Assert.Contains("https://www.facebook.com/v14.0/dialog/oauth", location);
+        Assert.Contains("https://www.facebook.com/v22.0/dialog/oauth", location);
         Assert.Contains("response_type=code", location);
         Assert.Contains("client_id=", location);
         Assert.Contains("redirect_uri=" + UrlEncoder.Default.Encode("http://example.com/base/signin-facebook"), location);
@@ -263,7 +263,7 @@ public async Task MapWillNotAffectRedirect()
         var transaction = await server.SendAsync("http://example.com/login");
         Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
         var location = transaction.Response.Headers.Location.AbsoluteUri;
-        Assert.Contains("https://www.facebook.com/v14.0/dialog/oauth", location);
+        Assert.Contains("https://www.facebook.com/v22.0/dialog/oauth", location);
         Assert.Contains("response_type=code", location);
         Assert.Contains("client_id=", location);
         Assert.Contains("redirect_uri=" + UrlEncoder.Default.Encode("http://example.com/signin-facebook"), location);
@@ -298,7 +298,7 @@ public async Task ChallengeWillTriggerRedirection()
         var transaction = await server.SendAsync("http://example.com/challenge");
         Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
         var location = transaction.Response.Headers.Location.AbsoluteUri;
-        Assert.Contains("https://www.facebook.com/v14.0/dialog/oauth", location);
+        Assert.Contains("https://www.facebook.com/v22.0/dialog/oauth", location);
         Assert.Contains("response_type=code", location);
         Assert.Contains("client_id=", location);
         Assert.Contains("redirect_uri=", location);
@@ -388,7 +388,7 @@ public async Task PkceSentToTokenEndpoint()
                         {
                             Sender = req =>
                             {
-                                if (req.RequestUri.AbsoluteUri == "https://graph.facebook.com/v14.0/oauth/access_token")
+                                if (req.RequestUri.AbsoluteUri == "https://graph.facebook.com/v22.0/oauth/access_token")
                                 {
                                     var body = req.Content.ReadAsStringAsync().Result;
                                     var form = new FormReader(body);
@@ -407,7 +407,7 @@ public async Task PkceSentToTokenEndpoint()
                                         token_type = "Bearer",
                                     });
                                 }
-                                else if (req.RequestUri.GetComponents(UriComponents.SchemeAndServer | UriComponents.Path, UriFormat.UriEscaped) == "https://graph.facebook.com/v14.0/me")
+                                else if (req.RequestUri.GetComponents(UriComponents.SchemeAndServer | UriComponents.Path, UriFormat.UriEscaped) == "https://graph.facebook.com/v22.0/me")
                                 {
                                     return ReturnJsonResponse(new
                                     {
@@ -433,7 +433,7 @@ public async Task PkceSentToTokenEndpoint()
         var transaction = await server.SendAsync("https://example.com/challenge");
         Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
         var locationUri = transaction.Response.Headers.Location;
-        Assert.StartsWith("https://www.facebook.com/v14.0/dialog/oauth", locationUri.AbsoluteUri);
+        Assert.StartsWith("https://www.facebook.com/v22.0/dialog/oauth", locationUri.AbsoluteUri);
 
         var queryParams = QueryHelpers.ParseQuery(locationUri.Query);
         Assert.False(string.IsNullOrEmpty(queryParams["code_challenge"]));