Facebook OAuth2

This page explains how to set up Facebook OAuth.

Setup

To create an OAuth 2.0 App in the Facebook Developers Console:

  1. Create a New App:

    • Select My Apps > Create App.

    • Choose App for Everything Else or a specific type that fits your needs.

    • Enter the App Name, Contact Email, and App Purpose, and then click Create App ID.

  2. Add Facebook Login:

    • In your App Dashboard, navigate to Add Product and select Facebook Login.

    • Configure Facebook Login to be used on the web by going to Facebook Login > Settings.

  3. Enter Valid OAuth Redirect URIs:

    • In Settings under Facebook Login, add authorized redirect URIs (e.g., https://yourapp.com/auth/callback for production or http://localhost:3000/auth/callback for local development).

  4. Get App ID and App Secret:

    • Go to Settings > Basic in your dashboard to access your App ID and App Secret. Copy these, as they’ll be required for your configuration: the App ID may appear in both front-end and backend configuration, but the App Secret belongs in the backend configuration only.

  5. Configure OAuth Passport Strategy:

  6. Deleting an App:

    • To delete an app, go to the App Dashboard, select Settings > Basic, scroll to the bottom, and click Delete App.

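Step 5 above lists no code, so the following is an added example, not part of the original page, of a Passport configuration using the passport-facebook strategy (npm install passport passport-facebook). It assumes the App ID, App Secret and redirect URI from steps 3 and 4 are supplied as the environment variables FACEBOOK_APP_ID, FACEBOOK_APP_SECRET and FACEBOOK_CALLBACK_URL, and that the application provides its own findOrCreateUser lookup.

```javascript
// Added example (not from the original page): Passport strategy configuration
// for passport-facebook. Assumes: FACEBOOK_APP_ID, FACEBOOK_APP_SECRET and
// FACEBOOK_CALLBACK_URL in the environment, and an app-supplied findOrCreateUser.

// Scopes that need no extra app verification (see "Verification Note").
const STANDARD_SCOPES = ['public_profile', 'email'];

// Build the options object for `new FacebookStrategy(options, verify)`.
// Fails early on missing credentials or a callback URL that could not match
// the "Valid OAuth Redirect URIs" entered in the Facebook dashboard.
function buildFacebookOptions(env) {
  const { FACEBOOK_APP_ID, FACEBOOK_APP_SECRET, FACEBOOK_CALLBACK_URL, NODE_ENV } = env;
  if (!FACEBOOK_APP_ID || !FACEBOOK_APP_SECRET) {
    throw new Error('FACEBOOK_APP_ID and FACEBOOK_APP_SECRET must be set (backend only)');
  }
  const url = new URL(FACEBOOK_CALLBACK_URL); // throws on a malformed URL
  const isLocal = url.hostname === 'localhost' || url.hostname === '127.0.0.1';
  if (NODE_ENV === 'production' && (url.protocol !== 'https:' || isLocal)) {
    throw new Error('production callback URL must be https and not localhost');
  }
  return {
    clientID: FACEBOOK_APP_ID,
    clientSecret: FACEBOOK_APP_SECRET,
    callbackURL: url.toString(),
    profileFields: ['id', 'displayName', 'emails'],
    enableProof: true, // send appsecret_proof on Graph API calls
  };
}

// Map the Facebook profile to the fields stored locally. Facebook omits the
// email when the account has no verified address, so it may be null.
function profileToUser(profile) {
  const email = profile.emails && profile.emails.length > 0 ? profile.emails[0].value : null;
  return { provider: 'facebook', providerId: profile.id, displayName: profile.displayName, email };
}

// Verify callback passed to the strategy; findOrCreateUser is the app's own lookup.
function makeVerify(findOrCreateUser) {
  return (accessToken, refreshToken, profile, done) => {
    Promise.resolve(findOrCreateUser(profileToUser(profile)))
      .then((user) => done(null, user), (err) => done(err));
  };
}

// Wire it up; routes then use passport.authenticate('facebook', { scope: STANDARD_SCOPES }).
function registerFacebookStrategy(passport, env, findOrCreateUser) {
  const FacebookStrategy = require('passport-facebook').Strategy;
  passport.use(new FacebookStrategy(buildFacebookOptions(env), makeVerify(findOrCreateUser)));
}
```

Call registerFacebookStrategy(passport, process.env, findOrCreateUser) once at startup; the callback route must match the redirect URI entered in step 3 exactly.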

Publishing Your Application

Publishing your application allows any Facebook user to authenticate with it, enabling the use of your credentials in a production environment.

  1. App Review:

    • For initial testing, your app is private. To make it public, navigate to the App Review section and switch Make [App Name] public? to Yes.

  2. Set Up OAuth Consent for Production:

    • In Settings > Basic, add production details such as your official app name, contact email, and privacy policy URL.

  3. Testing the Production Environment:

    • After deployment, test your OAuth setup on the live site. Check all authentication flows, including login, redirect, and logout, to ensure smooth and secure user experiences.

    • Verify that tokens are managed correctly and that session behavior is as expected.

  4. Monitor OAuth Usage:

    • In the Facebook Developer Console, go to Insights to monitor your app’s traffic and performance, allowing you to track and troubleshoot usage.

  5. Communicate OAuth Status to Users:

    • Inform users on your login page that they can securely log in with Facebook, linking to your privacy policy for transparency and to build trust.


Verification Note

Currently, no additional verification is required for standard scopes (like public_profile and email). However, requesting more sensitive or restricted scopes in the future, such as user_friends or user_posts, may prompt Facebook to require app verification, involving a review process to ensure compliance with Facebook's data usage policies.

