Facebook oAuth2

This page explains how to setup Facebook OAuth

PreviousGoogle oAuth2 NextS3 compatible storage (AWS, MinIO)

Last updated 6 months ago

Facebook oAuth2

This page explains how to setup Facebook OAuth

Setup

To create an OAuth 2.0 App in the Facebook Developers Console:

Go to the .
Create a New App:
- Select My Apps > Create App.
- Choose App for Everything Else or a specific type that fits your needs.
- Enter the App Name, Contact Email, and App Purpose, and then click Create App ID.
Add Facebook Login:
- In your App Dashboard, navigate to Add Product and select Facebook Login.
- Configure Facebook Login to be used on the web by going to Facebook Login > Settings.
Enter Valid OAuth Redirect URIs:
- In Settings under Facebook Login, add authorized redirect URIs (e.g., https://yourapp.com/auth/callback for production or http://localhost:3000/auth/callback for local development).
Get App ID and App Secret:
- Go to Settings > Basic in your dashboard to access your App ID and App Secret. Copy these, as they’ll be required for your front-end and backend configurations.
Configure OAuth Passport Strategy:
- Use the App ID and App Secret from Facebook in your Passport or other OAuth configuration. Refer to for more details.
Deleting an App:
- To delete an app, go to the App Dashboard, select Settings > Basic, scroll to the bottom, and click Delete App.

Publishing Your Application

Publishing your application allows any Facebook user to authenticate with it, enabling the use of your credentials in a production environment.

App Review:
- For initial testing, your app is private. To make it public, navigate to the App Review section and switch Make [App Name] public? to Yes.
Set Up OAuth Consent for Production:
- In Settings > Basic, add production details such as your official app name, contact email, and privacy policy URL.
Testing the Production Environment:
- After deployment, test your OAuth setup on the live site. Check all authentication flows, including login, redirect, and logout, to ensure smooth and secure user experiences.
- Verify that tokens are managed correctly and that session behavior is as expected.
Monitor OAuth Usage:
- In the Facebook Developer Console, go to Insights to monitor your app’s traffic and performance, allowing you to track and troubleshoot usage.
Communicate OAuth Status to Users:
- Inform users on your login page that they can securely log in with Facebook, linking to your privacy policy for transparency and to build trust.

Verification Note

Currently, no additional verification is required for standard scopes (like public_profile and email). However, requesting more sensitive or restricted scopes in the future, such as user_friends or user_posts, may prompt Facebook to require app verification, involving a review process to ensure compliance with Facebook's data usage policies.

PreviousGoogle oAuth2 NextS3 compatible storage (AWS, MinIO)

Last updated 6 months ago

Setup

To create an OAuth 2.0 App in the Facebook Developers Console:

Go to the .
Create a New App:
- Select My Apps > Create App.
- Choose App for Everything Else or a specific type that fits your needs.
- Enter the App Name, Contact Email, and App Purpose, and then click Create App ID.
Add Facebook Login:
- In your App Dashboard, navigate to Add Product and select Facebook Login.
- Configure Facebook Login to be used on the web by going to Facebook Login > Settings.
Enter Valid OAuth Redirect URIs:
- In Settings under Facebook Login, add authorized redirect URIs (e.g., https://yourapp.com/auth/callback for production or http://localhost:3000/auth/callback for local development).
Get App ID and App Secret:
- Go to Settings > Basic in your dashboard to access your App ID and App Secret. Copy these, as they’ll be required for your front-end and backend configurations.
Configure OAuth Passport Strategy:
- Use the App ID and App Secret from Facebook in your Passport or other OAuth configuration. Refer to for more details.
Deleting an App:
- To delete an app, go to the App Dashboard, select Settings > Basic, scroll to the bottom, and click Delete App.

Publishing Your Application

Publishing your application allows any Facebook user to authenticate with it, enabling the use of your credentials in a production environment.

App Review:
- For initial testing, your app is private. To make it public, navigate to the App Review section and switch Make [App Name] public? to Yes.
Set Up OAuth Consent for Production:
- In Settings > Basic, add production details such as your official app name, contact email, and privacy policy URL.
Testing the Production Environment:
- After deployment, test your OAuth setup on the live site. Check all authentication flows, including login, redirect, and logout, to ensure smooth and secure user experiences.
- Verify that tokens are managed correctly and that session behavior is as expected.
Monitor OAuth Usage:
- In the Facebook Developer Console, go to Insights to monitor your app’s traffic and performance, allowing you to track and troubleshoot usage.
Communicate OAuth Status to Users:
- Inform users on your login page that they can securely log in with Facebook, linking to your privacy policy for transparency and to build trust.

Verification Note

Working with PassportJS

OAuth Providers