Add Facebook Login to Your App

This guide will show you how to add functionality to your web app that allows your users to log in with Facebook. Along the way, you will also learn how to get an Access Token that will allow you to access the Facebook API.

To learn how, follow Facebook's App Development docs. During this process, Facebook will generate an App ID and App Secret for your application; you can find these in the app's Basic Settings.

While setting up your app, make sure you use the following settings:

When asked to select scenarios, choose Facebook Login.
On the Facebook Login > Settings page, under Valid Oauth Redirect URIs, enter your callback URL: https://YOUR_DOMAIN/login/callback.
On the Facebook Login > Settings page, you can also set a Deauthorize Callback URL that will be called when a user deauthorizes your app.

Find your Auth0 domain name for redirects

If your Auth0 domain name is not shown above and you are not using our custom domains feature, your domain name is your tenant name, plus .auth0.com. For example, if your tenant name were exampleco-enterprises, your Auth0 domain name would be exampleco-enterprises.auth0.com and your redirect URI would be https://exampleco-enterprises.auth0.com/login/callback.

If you are using custom domains, your redirect URI will have the following format: https://<YOUR CUSTOM DOMAIN>/login/callback.

If your application requests sensitive permissions, it may be subject to review by Facebook. Only the default and email permissions do not currently require app review. For info on Facebook permissions, see Facebook's Facebook Login Permissions Reference.

Set up the Facebook social connection in Auth0. Make sure you have the App ID and App Secret generated in Step 1.

You're ready to test your connection.

Facebook allows you to create a copy of your application to use for testing purposes. A test application has its own unique App ID and App Secret. Because Auth0 only allows one Facebook connection to be configured per tenant, you have two options for testing in Auth0:

While testing, use the testing application's App ID and App Secret in Auth0's social connection, and then change these values when you are ready to connect to the production application.
Create another Auth0 tenant to use for testing purposes and set up a test environment.

Once a user successfully authenticates, Facebook will include an Access Token in the user profile it returns to Auth0. You can use this token to call Facebook's API.

To get the Facebook Access Token, you must retrieve the full user's profile using the Auth0 Management API and extract the Access Token from the response. For detailed steps, see Call an Identity Provider's API.

Using the token, you can call Facebook's API following Facebook's documentation.

Optional: Get a Refresh Token from Facebook to refresh your Access Token once it expires. To ensure your application is secure, pay close attention to the restrictions on using Refresh Tokens.

Once users authenticate, they will be prompted to accept the permissions your app has requested. Once they authenticate and accept, they will not be expected to re-authenticate unless you force them to. To learn how to force re-authentication, see Facebook's Re-Authentication docs.

You can find additional info at Facebook's: Facebook Login.

Docs