Native Provider - Facebook

This feature relies on a deprecated grant type. Clients created after June 8th 2017 won't be able to use this feature. We recommend using browser-based flows, as explained in Authentication with Auth0 Hosted Login Page.

You can use Facebook AuthProvider to log in with or without Lock. Make sure to follow the instructions in the setup section.

Latest version

The Lock-Facebook is available through Maven Central and JCenter. To install it, simply add the following line to your build.gradle:

compile ''

You can check for the latest version on the repository Readme, in Maven, or in JCenter.


Android API 15 or later & Facebook Android SDK 4.+

Github repository


Facebook Developers Console

  1. Go to the Facebook Developers Console and create a new App: Choose "Android" and give it a valid name. Click "Create new Facebook App ID".
  2. Add your application's Package Name and the name of the Activity class where you're using the provider and click the Next button.
  3. Add the SHA-1 Base64 encoded Key Hashes of the certificates you're using to sign your application and click the Next button. If you need help obtaining the SHA-1 check this section.
  4. Finally, scroll to the top of the page and click the Skip Quickstart button to go to your Facebook app's page.
  5. On the top of the page, you will find the APP ID and APP SECRET values. Save them as you're going to need them later.
  6. On the left side you have the navigation drawer. Click Settings and then Basic. Turn ON the Single Sign On switch and click the Save button.
  7. Click Settings and then Advanced. Turn ON the Native or desktop app? switch.

Auth0 dashboard

  1. Go to the Auth0 Dashboard and click Social Connections.
  2. Click Facebook and a dialog will prompt.
  3. Complete the "App ID" field with the APP ID value obtained in the step 5 of the Facebook Developers Console section above.
  4. Complete the "App Secret" field with the APP SECRET value obtained in the step 5 of the Facebook Developers Console section above.
  5. Click the Save button.
  6. Go to the Auth0 Dashboard and click Clients. If you haven't created yet one, do that first and get into your client configuration page.
  7. At the bottom of the page, click the "Show Advanced Settings" link and go to the "Mobile Settings" tab.
  8. In the Android section, complete the Package Name with your application's package name. Finally, complete the Key Hashes field with the SHA-256 of the certificate you're using to sign your application. If you need help obtaining the SHA-256 check this section. Click the "Save Changes" button.

Android application

  1. In your android application, create a new String resource in the res/strings.xml file. Name it facebook_app_id and set as value the APP ID obtained in the step 5 of the Facebook Developers Console setup section above.
  2. Add the FacebookActivity and facebook_app_id MetaData to the AndroidManifest.xml file, inside the Application tag.
    android:value="@string/facebook_app_id" />
  1. Add the Internet Android permission to your AndroidManifest.xml file.
<uses-permission android:name="android.permission.INTERNET" />
  1. Create a new instance of the FacebookAuthProvider.
public class MainActivity extends AppCompatActivity {
  private FacebookAuthProvider provider;
  // ...

  protected void onCreate(Bundle savedInstanceState) {
    Auth0 auth0 = new Auth0(getString(R.string.com_auth0_client_id), getString(R.string.com_auth0_domain));
    AuthenticationAPIClient client = new AuthenticationAPIClient(auth0);
    provider = new FacebookAuthProvider(client);

  // ...

If you need further help with the Facebook SDK setup, please check Facebook's Getting Started Guide.

Usage with Lock

If you plan to use this provider with Lock, pass the instance of the provider to the FacebookAuthHandler class and add it to Lock's Builder when you create the instance.

FacebookAuthHandler handler = new FacebookAuthHandler(provider);
lock = Lock.newBuilder(auth0, authCallback)

Usage without Lock

If you plan to use this provider without Lock, make sure you override the onActivityResult() method of your activity and redirect the call to the provider instance. Finally, call start to begin the authentication process.

// Define your own request codes
private static final int RC_PERMISSIONS = 101;
private static final int RC_AUTHENTICATION = 102;

protected void onActivityResult(int requestCode, int resultCode, Intent data) {
    if (provider.authorize(requestCode, resultCode, data)) {
    super.onActivityResult(requestCode, resultCode, data);

private void beginAuthentication(){
  provider.start(this, callback, RC_PERMISSIONS, RC_AUTHENTICATION);

That's it, you're ready to run the application and log in using Facebook native provider!!

Additional options

Using a custom connection name

To use a custom social connection name to authorize against Auth0, call setConnection with your new connection name.

FacebookAuthProvider provider = new FacebookAuthProvider("my_connection_name", client);

Send additional authentication parameters

To send additional parameters on the authentication call setParameters.

Map<String, Object> parameters = new HashMap<>();
//Add entries

Requesting custom Facebook permissions

By default, the permission public_profile is requested. You can customize them by calling setPermissions with the list of Facebook Permissions.

provider.setPermissions(Arrays.asList("public_profile", "user_photos"));

Requesting custom Android runtime permissions

This provider doesn't require any special Android Manifest Permissions to authenticate the user. But if your use case requires them, you can let the AuthProvider handle them for you. Use the setRequiredPermissions method to specify them.

provider.setRequiredPermissions(new String[]{"android.permission.GET_ACCOUNTS"});

If you're not using Lock then you'll have to handle the permission request result yourself. To do so, make your activity implement the ActivityCompat.OnRequestPermissionsResultCallback interface. When the onRequestPermissionsResult method gets called pass the result to the provider by calling provider.onRequestPermissionsResult.

Log out / clear account.

To log out the user so that the next time they are prompted to input their credentials call clearSession. After you do this the provider state will be invalid and you will need to call start again before trying to authorize a result. Calling stop has the same effect.


Remember the last Login

By default this provider will remember the last account used to log in. If you want to change this behavior, use the following method.


Certificate fingerprints

When creating a new OAuth Credential in the Facebook Developers Console you will need to provide the SHA-1 of the certificate you're using to sign your application. When completing your Client's Configuration in the Auth0 Dashboard you will also need to provide the SHA-256 value. Here is an example of the terminal command to acquire the value, and a sample result.


keytool -exportcert -alias androiddebugkey -keystore <PATH_TO_YOUR_KEYSTORE> -storepass android | openssl sha1 -binary | openssl base64

Sample output:

SHA1: BB:0D:AC:74:D3:21:E1:43:07:71:9B:62:90:AF:A1:66:6E:44:5D:75
SHA256: 15:B9:F9:33:9F:E4:E3:68:C2:10:49:17:5D:A8:77:12:7C:8E:57:E9:FF:B7:23:EA:CC:DD:56:08:06:C9:5E:33

If you need assistance, you can follow this Keystores Guide to acquire those values.