Facebook has never been able to track the user that pops over to Safari to do the final sale. Even before IDFA went away since that is not sent with requests made in Safari.

Apple disallowed third party cookies (like all other browsers) so now your website with Facebook embedded can only tell Facebook "I got a visitor" and Facebook has no data on who that user is (since they look to be logged out). Before third-party cookie blocking was a thing, Facebook could track users if they were logged in on the web, and thus could potentially attribute the sale to an ad that was shown in Facebook itself.

If the user clicked the link in Facebook for your ad, then popped over to Safari by clicking the "open in Safari" button then Facebook can continue to track that because they saw the final click and can add query parameters on the other end that you can send to Facebook upon checkout completion.

What Facebook can't track now is when a user installs Candy Crush, Quit Smoking app, and Instagram... thereby limiting what ads it can show a user in Instagram to just the behavioral data they get from Instagram, instead of knowing the user also has Candy Crush and a Quick Smoking app (and thus would likely be interested in quick games and cessation of smoking stuff).