Android - Facebook Login

This tutorial demonstrates how to add user login to an Android application using native Facebook Login. We recommend that you log in to follow this quickstart with examples configured for your account.

1

System requirements 

  • Android Studio 3.6.1

  • Android SDK 25

  • Emulator - Nexus 5X - Android 6.0

This tutorial describes how to implement login with the Facebook SDK.

2

Before You Start

Configure your Auth0 application in the dashboard to use Facebook Native Sign In. See Add Facebook Login to Native Apps. When you finish this step, your application will be able to implement Facebook Native Login.

3

Request Facebook permissions

Your application is already able to sign in with Facebook. However, to ensure you have a rich user profile, you need to update the permissions with which the Facebook Login Button was set up.

Set the requested permissions to public_profile and email. This way, the user email will also be included as part of the response, provided the access request is accepted by the user.

loginButton.setPermissions(Arrays.asList("public_profile", "email"));

4

Create performLogin method

Now, to kick off the authentication process with Auth0, create a new method in which you will prepare the payload to be sent.

You will also use a small interface to handle the internal callbacks.

In the sample, the method was named performLogin and the interface SimpleCallback. Go ahead and add both.

5

Call performLogin method

Now, call the method from the Facebook login callback's onSuccess method.

6

Integrate Facebook

When you sign in with Facebook at Auth0, the backend will perform some checks in the background to ensure the user is who they say they are. To achieve this, it needs to be provided with a Session Access Token.

Furthermore, if a user needs to be created on Auth0 to represent this Facebook user, the backend will require some of their information, such as their name, last name, and email. The email, if provided, will be flagged as non-verified on the Auth0 user profile.

To obtain the Session Access Token and the user profile, two additional requests need to be made against the Facebook API.

7

Fetch Facebook session Access Token

Make a new GET request against the Facebook API's /oauth/access_token endpoint. Use the following query parameters:

  • grant_type: fb_attenuate_token.

  • fb_exchange_token: the access token received upon login.

  • client_id: your App ID. This value comes from the Facebook Developer's dashboard and should already be in use in your application if you have integrated Facebook Login successfully.

Put the logic from this step in its own method. You will be calling it later from the previously-added method.

The sample uses the Facebook SDK's GraphRequest class to perform this request.

8

Fetch Facebook user profile

Now make another GET request, just like in the step above. The endpoint path will be the User ID value from the Facebook login result (for example, /904636746222815). Use the following parameters:

  • access_token: the access token received upon login.

  • fields: the fields from the user profile that you'd like to get back in the response. These are directly tied to the Facebook Login Button permissions that were configured at the beginning. When a permission is optional, the user must first consent to give access to it. For the purpose of signing up a user at Auth0, their full name and email will suffice.
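Steps 7 and 8 as code, added here as an illustration and not taken from the Auth0 sample: both Graph API requests built on the GraphRequest class the page mentions. The shape of `SimpleCallback`, the `FacebookGraphCalls` class name, the `appId` parameter and the `first_name,last_name,email` field selection are assumptions.

```java
import android.os.Bundle;
import com.facebook.GraphRequest;
import com.facebook.GraphResponse;
import org.json.JSONException;
import org.json.JSONObject;

// Assumed shape of the tutorial's SimpleCallback (the page names it but does not show it).
interface SimpleCallback<T> {
    void onResult(T result);
    void onError(Throwable cause);
}

final class FacebookGraphCalls { // hypothetical helper class name
    // Step 7: trade the login access token for a session access token.
    static void fetchSessionToken(String loginToken, String appId, SimpleCallback<String> cb) {
        Bundle params = new Bundle();
        params.putString("grant_type", "fb_attenuate_token");
        params.putString("fb_exchange_token", loginToken);
        params.putString("client_id", appId); // the App ID already used for Facebook Login
        get("oauth/access_token", params, "access_token", cb);
    }
    // Step 8: read the profile as a raw JSON string; the field names are an assumed selection.
    static void fetchUserProfile(String loginToken, String userId, SimpleCallback<String> cb) {
        Bundle params = new Bundle();
        params.putString("access_token", loginToken);
        params.putString("fields", "first_name,last_name,email");
        get(userId, params, null, cb);
    }
    // Shared GET: a null jsonKey returns the whole body, otherwise that one string field.
    private static void get(String path, Bundle params, final String jsonKey, final SimpleCallback<String> cb) {
        GraphRequest request = new GraphRequest();
        request.setGraphPath(path);
        request.setParameters(params);
        request.setCallback(new GraphRequest.Callback() {
            @Override public void onCompleted(GraphResponse response) {
                if (response.getError() != null) { // network or Graph API failure
                    cb.onError(response.getError().getException());
                    return;
                }
                try {
                    JSONObject body = response.getJSONObject();
                    if (body == null) throw new JSONException("Graph response had no JSON body");
                    cb.onResult(jsonKey == null ? body.toString() : body.getString(jsonKey));
                } catch (JSONException e) { cb.onError(e); } // expected field missing
            }
        });
        request.executeAsync();
    }
}
```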

9

Integrate Auth0

Now that the required artifacts have been obtained, you are ready to trade them for Auth0 user credentials, such as the ID and Access Tokens. But first, you must set up the Auth0 SDK to make that last request.

Get your application keys

  1. Go to the Applications section of the Auth0 Dashboard and select the existing application in which you enabled Sign in with Facebook. If you need help with this step, please check the requirements section at the top of this article.

  2. Copy the Domain and Client ID values from the application settings page. These are required by the SDK.

  3. Create two new resources in your Android application's strings.xml file to store them. The names of the keys must match the ones used below:

    <resources>
        <string name="com_auth0_domain">{yourDomain}</string>
        <string name="com_auth0_client_id">{yourClientId}</string>
    </resources>

Install the Auth0 SDK

In your Android application, add this line to the app/build.gradle file:

dependencies {
    // 1.+ resolves to the newest 1.x release available at build time
    implementation 'com.auth0.android:auth0:1.+'
}

Now it is time to run the Gradle Sync task to refresh the project and its dependencies.

Update manifest for web authentication

If your application does not plan to make use of the Web Authentication module provided by the SDK, you will need to remove the unused activity from the AndroidManifest.xml file to prevent Manifest Placeholder issues. This can be achieved by adding an activity declaration and annotating it with tools:node="remove".

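<application>
    <!-- tools:node needs xmlns:tools="http://schemas.android.com/tools" declared on the manifest element -->
    <!-- Add the activity declaration line below -->
    <activity
        android:name="com.auth0.android.provider.AuthenticationActivity"
        tools:node="remove" />
</application>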

However, if you do plan to support Web Authentication, head over here to learn how to declare the Manifest Placeholders.

10

Exchange the received data for Auth0 tokens

The SDK must be instantiated before use. Define a field at the class level and initialize it on the onCreate method. Note how the credentials defined in the step above are passed to the Auth0 constructor and then a new instance of the AuthenticationAPIClient is created with it.

private AuthenticationAPIClient auth0Client;

@Override
public void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    setContentView(R.layout.activity_login);

    // Build the account from the Client ID and Domain stored in strings.xml
    Auth0 account = new Auth0(getString(R.string.com_auth0_client_id), getString(R.string.com_auth0_domain));
    // The API client used later to exchange the Facebook artifacts for Auth0 tokens
    auth0Client = new AuthenticationAPIClient(account);

    //...
}

Create the method that will hold the logic to exchange the two obtained artifacts for Auth0 user credentials. In the sample, this method is named exchangeTokens.

The API client declares the method loginWithNativeSocialToken that receives a token and a subject type. The former corresponds to the session token, and the latter indicates what type of connection the backend will attempt to authenticate with.

For native Facebook Login, you will use the following value: "http://auth0.com/oauth/token-type/facebook-info-session-access-token"

Other values that need to be configured are the user profile (using the user_profile key) and the scope that you request the Auth0 tokens to contain.
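One way to write the exchangeTokens method described above, as an added example that is not the sample's own code. It assumes the callback API of the Auth0.Android 1.x SDK installed earlier, a `SimpleCallback` interface of the shape shown, and the scope `openid profile email`; the `Auth0TokenExchange` class name is hypothetical.

```java
import com.auth0.android.authentication.AuthenticationAPIClient;
import com.auth0.android.authentication.AuthenticationException;
import com.auth0.android.callback.BaseCallback;
import com.auth0.android.result.Credentials;
import java.util.HashMap;
import java.util.Map;

// Assumed shape of the tutorial's SimpleCallback (the page names it but does not show it).
interface SimpleCallback<T> {
    void onResult(T result);
    void onError(Throwable cause);
}

final class Auth0TokenExchange { // hypothetical wrapper class name
    // Subject token type the tutorial gives for native Facebook Login.
    private static final String FACEBOOK_SUBJECT_TOKEN_TYPE =
            "http://auth0.com/oauth/token-type/facebook-info-session-access-token";
    // Assumed scope: request only the claims the application actually uses.
    private static final String AUTH0_SCOPE = "openid profile email";

    private final AuthenticationAPIClient auth0Client;

    Auth0TokenExchange(AuthenticationAPIClient auth0Client) {
        this.auth0Client = auth0Client;
    }

    // sessionToken: the Facebook session access token; userProfile: the profile JSON string.
    void exchangeTokens(String sessionToken, String userProfile,
                        final SimpleCallback<Credentials> callback) {
        Map<String, Object> params = new HashMap<>();
        params.put("user_profile", userProfile);

        auth0Client.loginWithNativeSocialToken(sessionToken, FACEBOOK_SUBJECT_TOKEN_TYPE)
                .setScope(AUTH0_SCOPE)
                .addAuthenticationParameters(params)
                .start(new BaseCallback<Credentials, AuthenticationException>() {
                    @Override public void onSuccess(Credentials credentials) {
                        callback.onResult(credentials);
                    }
                    @Override public void onFailure(AuthenticationException error) {
                        callback.onError(error); // rejected token or network failure
                    }
                });
    }
}
```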

11

Update performLogin method

Now that every step is defined in its own method, it's time to put everything together inside the performLogin method.

If everything went well, you should now be able to authenticate natively with the Facebook Login SDK. This means that if the Facebook app is installed on the device, the authentication will be handled via the application and not a browser app.
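The chaining that steps 4, 5 and 11 describe, as an added example rather than the sample's code: performLogin runs the session-token request, then the profile request, then the Auth0 exchange, and any failure stops the chain. The three step methods are declared abstract so the block stands on its own; their signatures, the `SimpleCallback` shape, and the `FacebookLoginFlow`, `onLoggedIn` and `onLoginFailed` names are assumptions.

```java
import com.auth0.android.result.Credentials;
import com.facebook.AccessToken;
import com.facebook.FacebookCallback;
import com.facebook.FacebookException;
import com.facebook.login.LoginResult;

// Assumed shape of the tutorial's SimpleCallback (the page names it but does not show it).
interface SimpleCallback<T> {
    void onResult(T result);
    void onError(Throwable cause);
}

abstract class FacebookLoginFlow implements FacebookCallback<LoginResult> {
    // The three steps defined earlier in the tutorial (assumed signatures).
    abstract void fetchSessionToken(String token, SimpleCallback<String> cb);
    abstract void fetchUserProfile(String token, String userId, SimpleCallback<String> cb);
    abstract void exchangeTokens(String sessionToken, String profile, SimpleCallback<Credentials> cb);
    // Hypothetical hooks for the UI layer.
    abstract void onLoggedIn(Credentials credentials);
    abstract void onLoginFailed(Throwable cause);

    // Step 5: the Facebook login callback hands the result to performLogin.
    @Override public void onSuccess(LoginResult result) { performLogin(result.getAccessToken()); }
    @Override public void onCancel() { /* user dismissed the dialog; nothing to exchange */ }
    @Override public void onError(FacebookException error) { onLoginFailed(error); }

    // Steps 4 and 11: each request starts only after the previous one succeeded.
    void performLogin(final AccessToken accessToken) {
        final String token = accessToken.getToken();
        fetchSessionToken(token, new SimpleCallback<String>() {
            @Override public void onResult(final String sessionToken) {
                fetchUserProfile(token, accessToken.getUserId(), new SimpleCallback<String>() {
                    @Override public void onResult(String userProfile) {
                        exchangeTokens(sessionToken, userProfile, new SimpleCallback<Credentials>() {
                            @Override public void onResult(Credentials c) { onLoggedIn(c); }
                            @Override public void onError(Throwable cause) { onLoginFailed(cause); }
                        });
                    }
                    @Override public void onError(Throwable cause) { onLoginFailed(cause); }
                });
            }
            @Override public void onError(Throwable cause) { onLoginFailed(cause); }
        });
    }
}
```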

Next Steps

Excellent work! If you made it this far, you should now have login, logout, and user profile information running in your application.

This concludes our quickstart tutorial, but there is so much more to explore. To learn more about what you can do with Auth0, check out:

  • Auth0 Dashboard - Learn how to configure and manage your Auth0 tenant and applications
  • Auth0 Marketplace - Discover integrations you can enable to extend Auth0’s functionality
