The Facebook authenticator provides the ability for users to login using Facebook. The integration to Facebook is done using OAuth 2. To use it, you need to configure a OAuth 2 client in Facebook, and then configure a Facebook authenticator instance in the Authentication Service. The steps to do this are described below.
To use Facebook accounts in the Authentication Service, you need to register a Facebook app. To do this, sign into Facebook, register as a developer, and create a new new app at https://developers.facebook.com/.
After logging into Facebook for Developer, click on My Apps in the upper right-hand corner of the screen.
Fig. 67 Facebook - Start screen
In the resulting dropdown menu, click Add a New App.
Fig. 68 Facebook - Add new App
In the Add a New App dialogue box, select Website.
Fig. 69 Facebook - Select Website
Then, enter a an App ID (e.g., CurityLogin), and click the Create New Facebook App ID button.
Fig. 70 Facebook - Create new Facebook app id
Choose a category from the drop down list, select whether the app is for testing or not, and click the Create App ID button.
Fig. 71 Facebook - Create App ID
On the next page, you are presented with options to setup the Facebook SDK for JavaScript. This isn’t needed, so just click Skip Quick Start in the upper right-hand corner.
Fig. 72 Facebook - Skip quick start
Finally, Facebook has generated credentials for the authenticator. The App ID in Facebook will correspond to the client_id in the Authentication Service, and Facebook’s App Secret will be used as the client_secret. To access this secret key, click the Show button in the textfield.
Fig. 73 Facebook - Credentials
Store the credentials, so you can use them when configuring the Authentication Service (as described below).
The redirect URI is the URI where Facebook will redirect the user when the authentication is done. The URI that the Authentication Service uses is generated automatically based on configuration, and is the path to the authenticator with an added /callback. This last part of the path is only used in the communication between the Authentication Service and Facebook, and can not be changed whereas the preceding components of the path can be.
The form is like this:
<base-url>/<authentication-endpoint>/<authenticator-id>/callback
For example, for a server running on server1.local and a protocol of https and listening on port 8443 and having an authentication endpoint configured to be /authn/authenticate and with a Facebook authenticator instance called facebook1, the redirect URI would be:
https://server1.local:8443/authn/authenticate/facebook1/callback
This redirect URI needs to be set in Facebook. To do so, find that app that you previously created (e.g., CurityLogin), and click Settings.
Fig. 74 Facebook - Settings
Then, click the Advanced button at the top of the app’s settings, and set the Valid OAuth redirect URIs’ to the callback URL of the Authentication Service.
Fig. 75 Facebook - Advanced Section
Fig. 76 Facebook - Redirect URL
Finally, click Save Changes.
The App is now registered and can be used in the Authentication Service.
The general authenticator configuration is described under Authenticator Base Configuration. This section describes the additional parameters that are available for the Facebook authenticator.
Important
Authenticator base is /profiles/profile{id type}/settings/authentication-service/authenticators/
List Entry: <authenticator_base>/authenticator/ (key id)
type string
mandatory
default public_profile email
public_profile email
default https://www.facebook.com/dialog/oauth
https://www.facebook.com/dialog/oauth
default https://graph.facebook.com/v2.3/oauth/access_token
https://graph.facebook.com/v2.3/oauth/access_token
default https://graph.facebook.com/v2.2/me
https://graph.facebook.com/v2.2/me
Example:
<authenticator xmlns="https://curity.se/ns/conf/profile/authentication"> <id>facebook1</id> <facebook xmlns="https://curity.se/ns/conf/authenticators/facebook"> <client-secret>123456778912345677890012345677890</client-secret> <client-id>1234567890</client-id> </facebook> </authenticator>