I agree. $cordovaOauth is acting as it should in IOS 9 given the check for week TTL (I suspect TLTL) at a server. Giving a specific white list permissions may be better than the fix I show above.
Would like to point out that the facebook method of $cordovaOauth needs work however to better handle this error. Its call to the inappbrowser hangs and never returns. The facebook method should set the inappbrowser as hidden on its launch and then check it events when it is ready to display. This way it could show a working message and time it out should it hang due to the freeze up. I will try to post such a fix as we are forced to incorporate this into our app.