Facebook can be used as a federated authenticator in the Identity Server. Do the following to configure the Identity Server to authenticate users using their Facebook credentials.
This section gives you a quick understanding of how to configure Facebook as an identity provider so that it acts as a federated authenticator. Check out the Logging in to your Application via Identity Server using Facebook Credentials tutorial to try out an end-to-end scenario of using Facebook as a federated authenticator.
Before you begin
- Create a Facebook account and register an application on Facebook.
- Sign in to the WSO2 Identity Server Management Console at `https://<Server Host>:9443/carbon` using your `username` and `password`.
Follow the steps given below to add a new identity provider in WSO2 Identity Server.

Go to Facebook Configuration under Federated Authenticators. Enter the following values in the form that appears:

| Field | Description | Sample Value |
|---|---|---|
| Client Id | This refers to the App ID you received from the Facebook app you created. | `<Application ID of the Facebook App>` |
| Client Secret | This refers to the App Secret you received from the Facebook app you created. | `<App Secret of the Facebook App>` |
| Scope | Defines the permission to access particular information from a Facebook profile. See the Permissions Reference for a list of the different permission groups in Facebook APIs. | `email` |
| User Information Fields | These are the claims related to the user account on Facebook. WSO2 Identity Server requests these fields from Facebook when a user is authenticated with Facebook through the IS. See public_profile permission for more information about these fields. | `id,name,gender,email,first_name,last_name,age_range,link` |
| Callback Url | This is the URL to which the browser should be redirected after the authentication is successful. This should be the `commonauth` endpoint of Identity Server. | `https://localhost:9443/commonauth` |

Select both checkboxes to Enable Facebook Authenticator and make it the Default. You have now added the identity provider.
- Navigate to the Identity Provider section under Main > Identity menu-item.
- Click Add.
- Provide values for the following fields under the Basic Information section:
- Expand the Facebook Configuration form.
Fill in the following fields where relevant.
| Field | Description | Sample value |
|---|---|---|
| Enable Facebook Authentication | Selecting this option enables Facebook to be used as an authenticator for users provisioned to the Identity Server. | Selected |
| Default | Selecting the Default checkbox signifies that the Facebook credentials are the main/default form of authentication. This removes the selection made for any other Default checkboxes for other authenticators. | Selected |
| Client Id | This is the username from the Facebook app. These are obtained from the Facebook App you create using your Facebook Developer account. See Logging in to your Application via Identity Server using Facebook Credentials for more information on how to do this. | `1421263438188909` |
| Client Secret | This is the password from the Facebook app. Click the Show button to view the value you enter. | `12ffb4dfb2fed67a00846b42126991f8` |
| Scope | You can restrict the claims sent to the Identity Server. This means you can restrict the claims by specifying them in the scope. | `email` |
| User Information Fields | You can send a comma separated list of claims that you need to receive. | `id,email,name` |
| Callback URL | This is the URL to which the browser should be redirected after the authentication is successful. It should have this format: `https://(host-name):(port)/commonauth`. Here Callback URL is the endpoint in WSO2 Identity Server which accepts the response sent by Facebook. | `https://localhost:9443/commonauth` |
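A pre-flight check for the values above, added here as an example (it is not part of WSO2 Identity Server or the original page): it flags leftover placeholders, a Callback URL that does not match `https://(host-name):(port)/commonauth`, and an `email` field requested without the `email` scope. The dictionary keys and the function name are hypothetical, and only the `email` field/scope pair is checked.

```python
from urllib.parse import urlsplit

# Assumption for this example: only the email field/email scope pair is checked.
FIELD_NEEDS_SCOPE = {"email": "email"}


def check_facebook_authenticator(cfg):
    """Return a list of problems found in the form values (empty list = OK)."""
    problems = []

    # Client Id / Client Secret must be real values, not the doc placeholders.
    for key in ("client_id", "client_secret"):
        value = cfg.get(key, "").strip()
        if not value or value.startswith("<"):
            problems.append(f"{key}: missing or still a placeholder")

    # Callback URL must have the form https://(host-name):(port)/commonauth.
    url = urlsplit(cfg.get("callback_url", ""))
    try:
        port = url.port
    except ValueError:  # non-numeric or out-of-range port
        port = None
    if url.scheme != "https":
        problems.append("callback_url: scheme must be https")
    if not url.hostname or port is None:
        problems.append("callback_url: host name and port are required")
    if url.path != "/commonauth" or url.query or url.fragment:
        problems.append("callback_url: path must be exactly /commonauth")

    # Scope may be comma or space separated; fields are comma separated.
    scopes = set(cfg.get("scope", "").replace(",", " ").split())
    fields = [f.strip() for f in cfg.get("user_info_fields", "").split(",")]
    if any(not f for f in fields):
        problems.append("user_info_fields: empty entry in list")
    for field in fields:
        needed = FIELD_NEEDS_SCOPE.get(field)
        if needed and needed not in scopes:
            problems.append(f"user_info_fields: {field} needs scope {needed}")
    return problems


# Constructed sample values with deliberate mistakes, modelled on the tables above.
SAMPLE = {
    "client_id": "1421263438188909",
    "client_secret": "<App Secret of the Facebook App>",
    "scope": "",
    "user_info_fields": "id,email,name",
    "callback_url": "http://localhost:9443/commonauth/",
}
```

Calling `check_facebook_authenticator(SAMPLE)` reports four problems: the placeholder secret, the `http` scheme, the trailing slash in the path, and the missing `email` scope.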
- Identity Federation is part of the process of configuring an identity provider. For more information on how to configure an identity provider, see Configuring an Identity Provider.
- See the following topics for samples of configuring Facebook for federated authentication: