Add Facebook Sign-In to Your App

Enable "Continue with Facebook" for your application's users through OAuth42's social authentication feature.

What You'll Build

In this tutorial, you'll configure Facebook as a social identity provider for your OAuth42 application. Your users will be able to click "Continue with Facebook" and authenticate using their Facebook account.

How it works:

  • User clicks "Continue with Facebook" in your app
  • OAuth42 redirects to Facebook for authentication
  • Facebook authenticates the user and returns to OAuth42
  • OAuth42 creates/links the user account and issues tokens to your app
  • Your app receives the tokens and the user is logged in

Global reach: Facebook is one of the most widely used social login providers worldwide with over 3 billion users. Offering Facebook Sign-In can significantly improve your conversion rates.

Prerequisites

  • An OAuth42 account with an existing application
  • A Facebook account with access to Meta for Developers
  • Your application already integrated with OAuth42 (see Getting Started with Hosted Auth)

Step 1: Create a Facebook App

  1. Go to Meta for Developers and log in
  2. Click Create App
  3. Select Allow people to log in with their Facebook account as your use case
  4. Click Next
  5. Enter your app details:
    • App name: Your application name
    • App contact email: Your developer email
  6. Click Create app

Business verification: For production use, you may need to complete Meta's business verification process. This is required to access certain permissions and remove the "Development Mode" restrictions.

Step 2: Enable Email Permission

OAuth42 requires the email permission to create user accounts. Enable it in your Facebook App:

  1. In your app dashboard, go to Use cases in the left sidebar
  2. Find Facebook Login and click Customize
  3. Click on Permissions and features
  4. Find email in the list and click Add
  5. The email permission should now show "Ready for testing"

Important: Without the email permission enabled, you'll see an "Invalid Scopes: email" error when users try to sign in.

Step 3: Configure Redirect URIs

  1. Still in Use casesFacebook LoginCustomize
  2. Click on Settings
  3. In the Valid OAuth Redirect URIs field, add:
    • Production: https://api.oauth42.com/api/social-auth/callback
    • Development: https://localhost:8443/api/social-auth/callback
  4. Ensure Client OAuth Login is enabled
  5. Ensure Web OAuth Login is enabled
  6. Click Save Changes

Step 4: Get App Credentials

  1. Go to App SettingsBasic in the left sidebar
  2. Copy your App ID (this is your Client ID)
  3. Click Show next to App Secret and copy it (this is your Client Secret)

Keep your App Secret safe! Never expose your App Secret in client-side code or public repositories.

Step 5: Configure Facebook in OAuth42 Portal

Now configure Facebook as a social provider in your OAuth42 application:

  1. Log in to the OAuth42 Portal
  2. Navigate to Applications and select your application
  3. Click the Social Providers tab
  4. Click Add Provider
  5. Select Facebook from the dropdown
  6. Enter the App ID you copied from Facebook
  7. Enter the App Secret you copied from Facebook
  8. Click Add Provider to save

Secure Storage: Your Facebook App Secret is automatically encrypted with AES-256 before being stored. It's never logged or exposed in plain text.

Step 6: Add Facebook Sign-In Button to Your App

If you're using OAuth42's hosted auth pages, the Facebook Sign-In button appears automatically when you enable the provider. No code changes needed!

For custom login pages, add a Facebook Sign-In button that initiates the social auth flow:

"use client"

import { useState } from 'react'

export default function LoginPage() {
  const [isLoading, setIsLoading] = useState(false)

  const handleFacebookSignIn = async () => {
    setIsLoading(true)

    // Call OAuth42's social auth init endpoint
    const response = await fetch('/api/auth/social/facebook', {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({
        provider: 'facebook',
        client_id: process.env.NEXT_PUBLIC_OAUTH42_CLIENT_ID,
        is_signup: true, // Allow account creation
      }),
    })

    const data = await response.json()

    if (data.authorization_url) {
      // Redirect to Facebook
      window.location.href = data.authorization_url
    }
  }

  return (
    <div className="min-h-screen flex items-center justify-center bg-gray-100">
      <div className="max-w-md w-full space-y-6 p-8 bg-white rounded-lg shadow">
        <h1 className="text-2xl font-bold text-center">Sign In</h1>

        <button
          onClick={handleFacebookSignIn}
          disabled={isLoading}
          className="w-full flex items-center justify-center gap-3 py-3 px-4 bg-[#1877F2] text-white rounded-lg hover:bg-[#166FE5] transition-colors"
        >
          <svg className="w-5 h-5" fill="currentColor" viewBox="0 0 24 24">
            <path d="M24 12.073c0-6.627-5.373-12-12-12s-12 5.373-12 12c0 5.99 4.388 10.954 10.125 11.854v-8.385H7.078v-3.47h3.047V9.43c0-3.007 1.792-4.669 4.533-4.669 1.312 0 2.686.235 2.686.235v2.953H15.83c-1.491 0-1.956.925-1.956 1.874v2.25h3.328l-.532 3.47h-2.796v8.385C19.612 23.027 24 18.062 24 12.073z"/>
          </svg>
          {isLoading ? 'Redirecting...' : 'Continue with Facebook'}
        </button>

        <div className="relative">
          <div className="absolute inset-0 flex items-center">
            <div className="w-full border-t border-gray-300" />
          </div>
          <div className="relative flex justify-center text-sm">
            <span className="px-2 bg-white text-gray-500">or</span>
          </div>
        </div>

        {/* Your regular email/password login form */}
        <form className="space-y-4">
          <input
            type="email"
            placeholder="Email"
            className="w-full px-4 py-3 border border-gray-300 rounded-lg"
          />
          <input
            type="password"
            placeholder="Password"
            className="w-full px-4 py-3 border border-gray-300 rounded-lg"
          />
          <button
            type="submit"
            className="w-full py-3 px-4 bg-indigo-600 text-white rounded-lg hover:bg-indigo-700"
          >
            Sign In
          </button>
        </form>
      </div>
    </div>
  )
}

Brand guidelines: Facebook requires using "Continue with Facebook" as the button text. See Facebook's Brand Guidelines for design requirements.

Step 7: Create API Route for Social Auth (Custom Login Only)

If using a custom login page, create an API route to initiate the social auth flow:

mkdir -p app/api/auth/social/facebook
touch app/api/auth/social/facebook/route.ts

Add the following code to app/api/auth/social/facebook/route.ts:

import { NextRequest, NextResponse } from 'next/server'

const API_BASE_URL = process.env.OAUTH42_ISSUER || 'https://api.oauth42.com'

export async function POST(request: NextRequest) {
  try {
    const body = await request.json()

    const response = await fetch(`${API_BASE_URL}/api/social-auth/init`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({
        provider: 'facebook',
        client_id: body.client_id,
        is_signup: body.is_signup || true,
        state: body.state,
      }),
    })

    const data = await response.json()

    if (!response.ok) {
      return NextResponse.json(data, { status: response.status })
    }

    return NextResponse.json(data)
  } catch (error) {
    console.error('[Social Auth] Error:', error)
    return NextResponse.json(
      { error: 'Failed to initiate social auth' },
      { status: 500 }
    )
  }
}

Using Hosted Auth? Skip this step! OAuth42's hosted auth pages automatically include the Facebook Sign-In button when you enable the provider.

Step 8: Test Facebook Sign-In

  1. Start your application
  2. Navigate to your login page
  3. Click "Continue with Facebook"
  4. You'll be redirected to Facebook's authorization page
  5. Sign in and authorize the application
  6. Facebook redirects back to OAuth42
  7. OAuth42 creates/links your user and redirects to your app
  8. You're now logged in!

Success! Your users can now sign in with their Facebook accounts.

How Account Linking Works

OAuth42 intelligently handles user accounts based on their Facebook profile:

New User (Signup)

A new user account is created with their Facebook profile info (name, email, profile picture). An email address is required.

Existing Facebook User (Login)

If the Facebook account ID is already linked to a user, they're logged into that existing account.

Existing Email User

If a user with the same email already exists (from email/password signup or another provider), the Facebook account is linked to that existing account.

Multiple Social Providers

Users can link multiple social providers (Google, Apple, Facebook, GitHub, GitLab, LinkedIn, X) to the same account, giving them flexibility in how they sign in.

Security Considerations

  • OAuth 2.0: Facebook uses standard OAuth 2.0 for authentication
  • State Parameter: CSRF protection via cryptographically random state tokens
  • Encrypted Storage: Facebook App Secrets are encrypted at rest using AES-256
  • Email Requirement: OAuth42 requires an email from Facebook to create accounts
  • HTTPS Required: Facebook requires HTTPS for callback URLs in production

Troubleshooting

"Can't Load URL" or redirect error

The callback URL isn't configured correctly. Go to your Facebook app → Facebook Login → Settings and add the exact OAuth42 callback URL: https://api.oauth42.com/api/social-auth/callback

"Facebook social login not configured" error

The Facebook OAuth credentials are not configured for this application. Go to the OAuth42 Portal → Applications → Your App → Social Providers tab and verify that Facebook is configured with valid credentials.

"Failed to authenticate with Facebook" error

This usually means the App ID or App Secret is incorrect. Double-check your credentials in both the Facebook Developer Console and OAuth42 Portal.

"Facebook did not provide email" error

The user's Facebook account doesn't have a verified email, or they signed up with a phone number only. Users need to add and verify an email address in their Facebook settings, or sign up using email/password instead.

"App in development mode" warning

By default, Facebook apps are in development mode and only work for users listed as developers/testers. To allow all users, you need to submit for App Review or switch to Live mode.

Going Live: App Review

Before your Facebook integration can be used by all users, you may need to complete Meta's App Review process:

  1. In development mode, only users with app roles can test
  2. For the email and public_profile permissions, you typically don't need App Review
  3. Go to App SettingsBasic and complete all required fields
  4. Add a Privacy Policy URL and Terms of Service URL
  5. Toggle your app to Live mode

Basic permissions: For basic login (email + public_profile), you can usually go live without formal App Review. Check Facebook's release guidelines for current requirements.

Next Steps

Need Help?

Having trouble with Facebook Sign-In? Check our documentation or reach out to support.

Documentation →Discord →