Add Facebook Login to Your App
This guide will show you how to add functionality to your web app that allows your users to log in with Facebook. Along the way, you will also learn how to get an Access Token that will allow you to access the Facebook API.
1. Set up your app in Facebook
To learn how, follow Facebook's App Development docs. During this process, Facebook will generate an App ID and App Secret for your application; you can find these in the app's Basic Settings.
While setting up your app, make sure you use the following settings:
- When asked to select scenarios, choose Facebook Login.
- On the Facebook Login > Settings page, under Valid Oauth Redirect URIs, enter
- On the Facebook Login > Settings page, you can also set a Deauthorize Callback URL that will be called when a user deauthorizes your app.
Find your Auth0 domain name for redirects
If your Auth0 domain name is not shown above and you are not using our custom domains feature, your domain name is your tenant name, plus
.auth0.com. For example, if your tenant name were
exampleco-enterprises, your Auth0 domain name would be
exampleco-enterprises.auth0.com and your redirect URI would be
If you are using custom domains, your redirect URI will have the following format:
https://<YOUR CUSTOM DOMAIN>/login/callback.
2. Create and enable a connection in Auth0
Set up the Facebook social connection in Auth0. Make sure you have the App ID and App Secret generated in Step 1.
3. Test the connection
You're ready to test your connection.
Access Facebook's API
Once a user successfully authenticates, Facebook will include an Access Token in the user profile it returns to Auth0. You can use this token to call Facebook's API.
To get the Facebook Access Token, you must retrieve the full user's profile using the Auth0 Management API and extract the Access Token from the response. For detailed steps, see Call an Identity Provider's API.
Using the token, you can call Facebook's API following Facebook's documentation.
Once users authenticate, they will be prompted to accept the permissions your app has requested. Once they authenticate and accept, they will not be expected to re-authenticate unless you force them to. To learn how to force re-authentication, see Facebook's Re-Authentication docs.
You can find additional info at Facebook's: Facebook Login.