diff --git a/packages/facebook-oauth/facebook_client.js b/packages/facebook-oauth/facebook_client.js
index 5aa2da16b7..934de95d92 100644
--- a/packages/facebook-oauth/facebook_client.js
+++ b/packages/facebook-oauth/facebook_client.js
@@ -6,46 +6,46 @@ Facebook = {};
 // @param credentialRequestCompleteCallback {Function} Callback function to call on
 //   completion. Takes one argument, credentialToken on success, or Error on
 //   error.
-Facebook.requestCredential = function (options, credentialRequestCompleteCallback) {
+Facebook.requestCredential = (options, credentialRequestCompleteCallback) => {
   // support both (options, callback) and (callback).
   if (!credentialRequestCompleteCallback && typeof options === 'function') {
     credentialRequestCompleteCallback = options;
     options = {};
   }
 
-  var config = ServiceConfiguration.configurations.findOne({service: 'facebook'});
+  const config = ServiceConfiguration.configurations.findOne({service: 'facebook'});
   if (!config) {
     credentialRequestCompleteCallback && credentialRequestCompleteCallback(
       new ServiceConfiguration.ConfigError());
     return;
   }
 
-  var credentialToken = Random.secret();
-  var mobile = /Android|webOS|iPhone|iPad|iPod|BlackBerry|Windows Phone/i.test(navigator.userAgent);
-  var display = mobile ? 'touch' : 'popup';
+  const credentialToken = Random.secret();
+  const mobile = /Android|webOS|iPhone|iPad|iPod|BlackBerry|Windows Phone/i.test(navigator.userAgent);
+  const display = mobile ? 'touch' : 'popup';
 
-  var scope = "email";
+  let scope = "email";
   if (options && options.requestPermissions)
     scope = options.requestPermissions.join(',');
 
-  var loginStyle = OAuth._loginStyle('facebook', config, options);
+  const loginStyle = OAuth._loginStyle('facebook', config, options);
 
-  var loginUrl =
-        'https://www.facebook.com/v2.9/dialog/oauth?client_id=' + config.appId +
-        '&redirect_uri=' + OAuth._redirectUri('facebook', config) +
-        '&display=' + display + '&scope=' + scope +
-        '&state=' + OAuth._stateParam(loginStyle, credentialToken, options && options.redirectUrl);
+  let loginUrl =
+      `https://www.facebook.com/v2.9/dialog/oauth?client_id=${config.appId}` +
+      `&redirect_uri=${OAuth._redirectUri('facebook', config)}` +
+      `&display=${display}&scope=${scope}` +
+      `&state=${OAuth._stateParam(loginStyle, credentialToken, options && options.redirectUrl)}`;
 
   // Handle authentication type (e.g. for force login you need auth_type: "reauthenticate")
   if (options && options.auth_type) {
-    loginUrl += "&auth_type=" + encodeURIComponent(options.auth_type);
+    loginUrl += `&auth_type=${encodeURIComponent(options.auth_type)}`;
   }
 
   OAuth.launchLogin({
     loginService: "facebook",
-    loginStyle: loginStyle,
-    loginUrl: loginUrl,
-    credentialRequestCompleteCallback: credentialRequestCompleteCallback,
-    credentialToken: credentialToken
+    loginStyle,
+    loginUrl,
+    credentialRequestCompleteCallback,
+    credentialToken,
   });
 };
diff --git a/packages/facebook-oauth/facebook_server.js b/packages/facebook-oauth/facebook_server.js
index f124676deb..8e17d12b95 100644
--- a/packages/facebook-oauth/facebook_server.js
+++ b/packages/facebook-oauth/facebook_server.js
@@ -1,38 +1,38 @@
 Facebook = {};
-var crypto = Npm.require('crypto');
+import crypto from 'crypto';
 
-Facebook.handleAuthFromAccessToken = function handleAuthFromAccessToken(accessToken, expiresAt) {
+Facebook.handleAuthFromAccessToken = (accessToken, expiresAt) => {
   // include all fields from facebook
   // http://developers.facebook.com/docs/reference/login/public-profile-and-friend-list/
-  var whitelisted = ['id', 'email', 'name', 'first_name',
+  const whitelisted = ['id', 'email', 'name', 'first_name',
       'last_name', 'link', 'gender', 'locale', 'age_range'];
 
-  var identity = getIdentity(accessToken, whitelisted);
+  const identity = getIdentity(accessToken, whitelisted);
 
-  var serviceData = {
-    accessToken: accessToken,
-    expiresAt: expiresAt
+  const fields = {};
+  whitelisted.forEach(field => fields[field] = identity[field]);
+  const serviceData = {
+    accessToken,
+    expiresAt,
+    ...fields,
   };
-
-  var fields = _.pick(identity, whitelisted);
-  _.extend(serviceData, fields);
-
+  
   return {
-    serviceData: serviceData,
+    serviceData,
     options: {profile: {name: identity.name}}
   };
 };
 
-OAuth.registerService('facebook', 2, null, function(query) {
-  var response = getTokenResponse(query);
-  var accessToken = response.accessToken;
-  var expiresIn = response.expiresIn;
+OAuth.registerService('facebook', 2, null, query => {
+  const response = getTokenResponse(query);
+  const { accessToken } = response;
+  const { expiresIn } = response;
 
   return Facebook.handleAuthFromAccessToken(accessToken, (+new Date) + (1000 * expiresIn));
 });
 
 // checks whether a string parses as JSON
-var isJSON = function (str) {
+const isJSON = str => {
   try {
     JSON.parse(str);
     return true;
@@ -44,12 +44,12 @@ var isJSON = function (str) {
 // returns an object containing:
 // - accessToken
 // - expiresIn: lifetime of token in seconds
-var getTokenResponse = function (query) {
-  var config = ServiceConfiguration.configurations.findOne({service: 'facebook'});
+const getTokenResponse = query => {
+  const config = ServiceConfiguration.configurations.findOne({service: 'facebook'});
   if (!config)
     throw new ServiceConfiguration.ConfigError();
 
-  var responseContent;
+  let responseContent;
   try {
     // Request an access token
     responseContent = HTTP.get(
@@ -62,16 +62,18 @@ var getTokenResponse = function (query) {
         }
       }).data;
   } catch (err) {
-    throw _.extend(new Error("Failed to complete OAuth handshake with Facebook. " + err.message),
-                   {response: err.response});
+    throw Object.assign(
+      new Error(`Failed to complete OAuth handshake with Facebook. ${err.message}`),
+      { response: err.response },
+    );
   }
 
-  var fbAccessToken = responseContent.access_token;
-  var fbExpires = responseContent.expires_in;
+  const fbAccessToken = responseContent.access_token;
+  const fbExpires = responseContent.expires_in;
 
   if (!fbAccessToken) {
     throw new Error("Failed to complete OAuth handshake with facebook " +
-                    "-- can't find access token in HTTP response. " + responseContent);
+                    `-- can't find access token in HTTP response. ${responseContent}`);
   }
   return {
     accessToken: fbAccessToken,
@@ -79,14 +81,14 @@ var getTokenResponse = function (query) {
   };
 };
 
-var getIdentity = function (accessToken, fields) {
-  var config = ServiceConfiguration.configurations.findOne({service: 'facebook'});
+const getIdentity = (accessToken, fields) => {
+  const config = ServiceConfiguration.configurations.findOne({service: 'facebook'});
   if (!config)
     throw new ServiceConfiguration.ConfigError();
 
   // Generate app secret proof that is a sha256 hash of the app access token, with the app secret as the key
   // https://developers.facebook.com/docs/graph-api/securing-requests#appsecret_proof
-  var hmac = crypto.createHmac('sha256', OAuth.openSecret(config.secret));
+  const hmac = crypto.createHmac('sha256', OAuth.openSecret(config.secret));
   hmac.update(accessToken);
 
   try {
@@ -98,11 +100,13 @@ var getIdentity = function (accessToken, fields) {
       }
     }).data;
   } catch (err) {
-    throw _.extend(new Error("Failed to fetch identity from Facebook. " + err.message),
-                   {response: err.response});
+    throw Object.assign(
+      new Error(`Failed to fetch identity from Facebook. ${err.message}`),
+      { response: err.response },
+    );
   }
 };
 
-Facebook.retrieveCredential = function(credentialToken, credentialSecret) {
-  return OAuth.retrieveCredential(credentialToken, credentialSecret);
-};
+Facebook.retrieveCredential = (credentialToken, credentialSecret) =>
+  OAuth.retrieveCredential(credentialToken, credentialSecret);
+
diff --git a/packages/facebook-oauth/package.js b/packages/facebook-oauth/package.js
index f34b080c91..95356c3cd6 100644
--- a/packages/facebook-oauth/package.js
+++ b/packages/facebook-oauth/package.js
@@ -1,13 +1,13 @@
 Package.describe({
   summary: "Facebook OAuth flow",
-  version: "1.4.0"
+  version: "1.4.1",
 });
 
-Package.onUse(function(api) {
+Package.onUse(api => {
+  api.use('ecmascript', ['client', 'server']);
   api.use('oauth2', ['client', 'server']);
   api.use('oauth', ['client', 'server']);
   api.use('http', ['server']);
-  api.use('underscore', 'server');
   api.use('random', 'client');
   api.use('service-configuration', ['client', 'server']);