Facebook

Facebook Login is a fast and convenient way for over 2.5 billion people to create accounts and log into your app across multiple platforms. It's available on iOS, Android, Web, desktop apps and devices such as Smart TVs, and "Internet of Things" objects. Facebook Login enables two scenarios, authentication and asking for permissions to access people's data. You can use Facebook Login simply for authentication or for both authentication and data access.

The Facebook social connection allows users to log in to your application using their Facebook profile.

By default, Auth0 automatically syncs user profile data with each user login, thereby ensuring that changes made in the connection source are automatically updated in Auth0. Optionally, you can disable user profile data synchronization to allow for updating profile attributes from your application.

Prerequisites

Before you begin, sign up for a Facebook Developer account.

Set up app in Facebook

Create an app in the Facebook Developer portal, and add Facebook Login to the app as a Product. During this process, Facebook will generate a App ID and App Secret for your application; make note of these.

While setting up your app, use the following settings:

Field	Value to Provide
How are you using your app?	Select For everything else.
Permissions and Features	Select the permissions your app will require. Only the default and email permissions do not require app review by Facebook.

While setting up the Facebook Login product, use the following settings:

Field	Value to Provide
Client OAuth Settings	Enable Web OAuth Login (web applications) or Client OAuth Login (native applications), depending on your app type.
Valid OAuth Redirect URIs	https://YOUR_DOMAIN/login/callback
Deauthorize Callback URL	Enter the URL you would like Facebook to call when a user does not consent to your app.

Find your Auth0 domain name

If your Auth0 domain name is not shown above and you are not using our custom domains feature, your domain name is your tenant name, your regional subdomain (unless your tenant is in the US region and was created before June 2020), plus.auth0.com. For example, if your tenant name were exampleco-enterprises, your Auth0 domain name would be exampleco-enterprises.us.auth0.com and your redirect URI would be https://exampleco-enterprises.us.auth0.com/login/callback. (If your tenant is in the US and was created before June 2020, then your domain name would be https://exampleco-enterprises.auth0.com.)

If you are using custom domains, your redirect URI will have the following format: https://<YOUR CUSTOM DOMAIN>/login/callback.

Test connection

You're ready to test your connection. After logging in, you'll be prompted to allow your app access. To do so, click Install unlisted app.

Access Facebook's API

Once a user successfully authenticates, Facebook will include an Access Token in the user profile it returns to Auth0. You can use this token to call Facebook's API.

To get the Facebook Access Token, you must retrieve the full user's profile using the Auth0 Management API and extract the Access Token from the response. For detailed steps, see Call an Identity Provider's API.

Using the token, you can call Facebook's API following Facebook's documentation.

Optional: Get a Refresh Token from Facebook to refresh your Access Token once it expires. To ensure your application is secure, pay close attention to the restrictions on using Refresh Tokens.

Facebook lets you select the minimum version of the Facebook API that is available to the application. This can be changed in the in the 'Settings/Advanced' section of your application in the Facebook developer portal.

Auth0 has been tested with version 3.2. We recommend setting that as the minimum version, but it could work with newer versions.

Facebook re-authentication

Once users authenticate, they will be prompted to accept the permissions your app has requested. Once they authenticate and accept, they will not be expected to re-authenticate unless you force them to. To learn how to force re-authentication, see Facebook's Re-Authentication documentation.