keycloak-scim/server_admin/topics/identity-broker/social/facebook.adoc

55 lines
3.3 KiB
Text
Raw Normal View History

2016-05-26 16:09:04 +00:00
==== Facebook
There are a number of steps you have to complete to be able to enable login with Facebook. First, go to the `Identity Providers` left menu item
and select `Facebook` from the `Add provider` drop down list. This will bring you to the `Add identity provider` page.
2016-05-26 16:09:04 +00:00
2016-05-26 18:51:45 +00:00
.Add Identity Provider
2017-08-28 12:50:14 +00:00
image:{project_images}/facebook-add-identity-provider.png[]
2016-05-26 16:09:04 +00:00
2016-05-26 18:51:45 +00:00
You can't click save yet, as you'll need to obtain a `Client ID` and `Client Secret` from Facebook. One piece of data you'll need from this
2017-08-28 12:50:14 +00:00
page is the `Redirect URI`. You'll have to provide that to Facebook when you register {project_name} as a client there, so
2016-05-26 18:51:45 +00:00
copy this URI to your clipboard.
2016-05-26 16:09:04 +00:00
2016-05-26 19:09:17 +00:00
To enable login with Facebook you first have to create a project and a client in the https://developers.facebook.com/[Facebook Developer Console].
2016-05-26 16:09:04 +00:00
2016-05-26 18:51:45 +00:00
NOTE: Facebook often changes the look and feel of the Facebook Developer Console, so these directions might not always be up to date and the
configuration steps might be slightly different.
2016-05-26 16:09:04 +00:00
2016-05-26 18:51:45 +00:00
Once you've logged into the console there is a pull down menu in the top right corner of the screen that says `My Apps`. Select the `Add a New App`
menu item.
2016-05-26 16:09:04 +00:00
2016-05-26 18:51:45 +00:00
.Add a New App
2017-08-28 12:50:14 +00:00
image:images/facebook-add-new-app.png[]
2016-05-26 16:09:04 +00:00
2016-05-26 18:51:45 +00:00
Select the `Website` icon. Click the `Skip and Create App ID` button.
2016-05-26 16:09:04 +00:00
2016-05-26 18:51:45 +00:00
.Create a New App ID
2017-08-28 12:50:14 +00:00
image:images/facebook-create-app-id.png[]
2016-05-26 16:09:04 +00:00
2016-05-26 18:51:45 +00:00
The email address and app category are required fields. Once you're done with that, you will be brought to the dashboard
for the application. Click the `Settings` left menu item.
2016-05-26 16:09:04 +00:00
2016-05-26 18:51:45 +00:00
.Create a New App ID
2017-08-28 12:50:14 +00:00
image:images/facebook-app-settings.png[]
2016-05-26 16:09:04 +00:00
2016-06-03 14:36:51 +00:00
Click on the `+ Add Platform` button at the end of this page and select the `Website` icon. Copy and paste the `Redirect URI` from the
2017-08-28 12:50:14 +00:00
{project_name} `Add identity provider` page into the `Site URL` of the Facebook `Website` settings block.
2016-05-26 16:09:04 +00:00
2016-05-26 18:51:45 +00:00
.Specify Website
2017-08-28 12:50:14 +00:00
image:images/facebook-app-settings-website.png[]
2016-05-26 16:09:04 +00:00
After this it is necessary to make the Facebook app public. Click `App Review` left menu item and switch button to "Yes".
2016-05-26 18:51:45 +00:00
2017-08-28 12:50:14 +00:00
You will need also to obtain the App ID and App Secret from this page so you can enter them into the {project_name} `Add identity provider` page. To obtain this click on the `Dashboard` left menu item and click on `Show` under `App Secret`. Go back to {project_name} and specify those items and finally save your Facebook Identity Provider.
2016-05-26 18:51:45 +00:00
One config option to note on the `Add identity provider` page for Facebook is the `Default Scopes` field.
This field allows you to manually specify the scopes that users must authorize when authenticating with this provider.
2017-08-28 12:50:14 +00:00
For a complete list of scopes, please take a look at https://developers.facebook.com/docs/graph-api. By default, {project_name}
2016-05-26 18:51:45 +00:00
uses the following scopes: `email`.
Another thing to note is that {project_name} sends a profile request to `graph.facebook.com/me?fields=id,name,email,first_name,last_name` by default, and the response only contains the specified fields.
If you want to fetch additional fields (e.g. birthday) from the Facebook profile then you have to add a corresponding scope as described in a paragraph above and add the field name in `Additional user's profile fields` configuration option field.
You can discover available field names and corresponding scopes by exploring the https://developers.facebook.com/tools/explorer[Facebook GraphQL API Explorer].