This documentation is for WSO2 Identity Server 5.3.0 . View documentation for the latest release.

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  1. Go to and log in using your Facebook credentials.
  2. Click on Create App.  

  3. Enter a Display Name, Contact Email, and click Create App ID.
  4. Enter code for security check, and click Submit.
  5. On Select product page, click Set up under Facebook Login.
  6. Select Website as the platform for the app used in this sample.

  7. Enter https://localhost:9443/ as the Site URL and click Save.


    If you have configured WSO2 Identity Server to run using the IP or hostname, you need to provide the IP or hostname instead of localhost.

  8. Under Products on the left navigation panel, Click Facebook Login

  9. You can configure the Client OAuth Settings on the window that appears.

    1. Client OAuth Login should be set to Yes.
      Client OAuth Login is the global on-off switch for using OAuth client token flows. It helps to secure your application and prevent abuse by locking down which token redirect URIs are allowed.
    2. Web OAuth Login should be set to Yes.
       Web OAuth Login settings enables any OAuth client token flows that use the Facebook web login dialog to return tokens to your own website.
    3. Valid OAuth redirect URIs should be set to https://localhost:9443/commonoauthcommonauth.
      Enter the ACS URL (Assertion Consumer URL) which is the endpoint in WSO2 Identity Server which accepts the response sent by facebook.

  10. Scroll down and click Save Changes button to save the changes.

  11. Click on Dashboard. You can see the App ID and App Secret as shown in the image below. Click Show to view the App Secret.


    App ID is the Client ID and the App Secret is the Client Secret in OAuth terminology. The API Version is Facebook’s API that is used to create the application.

  12. Click Settings on the left menu and navigate to the Basic tab. Add the App Domains (since WSO2 IS is running on localhost, you can add localhost as the App Domain) 

  13. Click Save Changes.  

Now you have finished configuring Facebook as an Identity Provider.

titleAbout accessing the app

The app is not available to general public yet. To make to app available to every Facebook user, you have to submit the app for review. After a review, Facebook makes the app available to every Facebook user. You can find more information on the review process by clicking on App Review in the left navigation menu of your app's dashboard.

The review process may take some time, so for the purposes of this sample, you can specify some Facebook users as Developers or Testers. Only the users specified here can use this app to log in with Facebook until the app goes public. To do this, click on Roles in the left navigation menu of the dashboard and specify the required Facebook users as Developers or Testers.