diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs
index da65e246ba..012f95dcce 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs
@@ -7,10 +7,10 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
     {
         public const string AuthenticationScheme = "Facebook";
 
-        public static readonly string AuthorizationEndpoint = "https://www.facebook.com/v2.5/dialog/oauth";
+        public static readonly string AuthorizationEndpoint = "https://www.facebook.com/v2.6/dialog/oauth";
 
-        public static readonly string TokenEndpoint = "https://graph.facebook.com/v2.5/oauth/access_token";
+        public static readonly string TokenEndpoint = "https://graph.facebook.com/v2.6/oauth/access_token";
 
-        public static readonly string UserInformationEndpoint = "https://graph.facebook.com/v2.5/me";
+        public static readonly string UserInformationEndpoint = "https://graph.facebook.com/v2.6/me";
     }
 }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index eaa339d153..f38ca8afc8 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -86,7 +86,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
             var transaction = await server.SendAsync("http://example.com/base/login");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var location = transaction.Response.Headers.Location.AbsoluteUri;
-            Assert.Contains("https://www.facebook.com/v2.5/dialog/oauth", location);
+            Assert.Contains("https://www.facebook.com/v2.6/dialog/oauth", location);
             Assert.Contains("response_type=code", location);
             Assert.Contains("client_id=", location);
             Assert.Contains("redirect_uri=" + UrlEncoder.Default.Encode("http://example.com/base/signin-facebook"), location);
@@ -113,7 +113,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
             var transaction = await server.SendAsync("http://example.com/login");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var location = transaction.Response.Headers.Location.AbsoluteUri;
-            Assert.Contains("https://www.facebook.com/v2.5/dialog/oauth", location);
+            Assert.Contains("https://www.facebook.com/v2.6/dialog/oauth", location);
             Assert.Contains("response_type=code", location);
             Assert.Contains("client_id=", location);
             Assert.Contains("redirect_uri="+ UrlEncoder.Default.Encode("http://example.com/signin-facebook"), location);
@@ -150,7 +150,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
             var transaction = await server.SendAsync("http://example.com/challenge");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var location = transaction.Response.Headers.Location.AbsoluteUri;
-            Assert.Contains("https://www.facebook.com/v2.5/dialog/oauth", location);
+            Assert.Contains("https://www.facebook.com/v2.6/dialog/oauth", location);
             Assert.Contains("response_type=code", location);
             Assert.Contains("client_id=", location);
             Assert.Contains("redirect_uri=", location);