Facebook Social Login

This section describes how to configure social authentication to Facebook from OpenIAM. Perform the steps described below.

OpenIAM must be configured to use https prior to proceeding

Creating and configuring Facebook application

To use Facebook's social login feature you should:

The new application will be in a development state unless you configure it to go live. In Development mode, your app can only request data from user with an app role. To request end user data, your app must have Advanced Access permissions and be set to Live mode. To go live with the app please follow instructions and documentation provided by Facebook. OpenIAM supports both Live and Developer modes.

On your application page, click on the Products button and select:

  • Facebook Login
  • Web from select a platform
  • Fill the form with site URL ( https://your_openiam_domain).
  • Read Facebook provided information and complete the quick-start wizard.
  • Go to the Settings tab, and provide Valid OAuth Redirect URIs. This should include: https://[ your_openiam_domain ]/idp/social/facebook/callback
  • Save the changes.

Note As mentioned above, new Facebook applications always launch in Development mode. While the application is in development mode, only Admins can use these functions. To go to Live mode, you should follow Facebook procedure. Facebook admin

Go to Settings -> Basic of your Facebook application and ensure that you can see the App ID and App Secret. facebook-application

Configuring OpenIAM

Create an Authentication Provider

In the Webconsole got to Access Control menu -> Authentication Provider -> Create new provider.

  • Select Facebook from the dropdown.
  • On the Authentication provider screen copy and paste the App Id and App Secret from Facebook,
  • Fill in the required fields and save. Auth provider

Update the appropriate content provider so that it has the following URL patterns:

  • /idp/social/facebook/callback
    • Authorization is set to disabled
    • Authentication Rule is set to None
  • /idp/social/facebook/login
    • Authorization is set to disable
    • Authentication Rule is set to None
    • Supported HTTP Methods - POST

Prepare users

Each user that may want to login via Facebook should have an identity for the managed system that is selected on Auth provider page. In our example it is Facebook Managed system facebook-users

Test feature

To test this function, go to the OpenIAM login page. You will see a blue Facebook button. Click it and Facebook pop-up will appear asking you to share your info with the app facebook-users