--- title: Facebook social identity provider description: Facebook as a social identity provider requires access over secure HTTP (HTTPS). component: pingidm version: 7.5 page_id: pingidm:self-service-reference:social-providers/section-facebook-social canonical_url: https://docs.pingidentity.com/pingidm/7.5/self-service-reference/social-providers/section-facebook-social.html keywords: ["JSON", "Configuration", "Authentication", "Social Authentication", "Self-Service", "User Self-Service", "Social Identity"] section_ids: cdm-facebook-setup: Set up Facebook cdm-facebook-socialID: Configure a Facebook social identity provider cdm-facebook-userreg: Configure user registration to link to Facebook appendix-facebook-social: Facebook social identity provider configuration details --- # Facebook social identity provider | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | Social authentication is deprecated and will be removed in a future release of IDM. For more information, refer to [Deprecation](../../release-notes/deprecated-functionality.html#deprecated-standalone-socialid-auth). | | | | | - | -------------------------------------------------------------------------------- | | | Facebook as a social identity provider requires access over secure HTTP (HTTPS). | ## Set up Facebook To set up Facebook as a social identity provider, navigate to the [Facebook for Developers](https://developers.facebook.com/apps/) page. You'll need a Facebook account. While you could use a personal Facebook account, it is best to use an organizational account to avoid problems if specific individuals leave your organization. When you set up a Facebook social identity provider, you'll need to perform the following tasks: * On the Facebook for Developers page, select My Apps, and click Add a New App. For IDM, you'll create a Website application. * You'll need to include the following information when creating a Facebook website application: * Display Name * Contact Email * IDM URL * When complete, you should see your App. Navigate to Basic Settings. * Make a copy of the App ID and App Secret for when you configure the Facebook social identity provider in IDM. * In App settings, you should see an entry for App Domains, such as `example.com`, as well as a Website Site URL, such as `https://idm.example.com/`. For Facebook's documentation on the subject, refer to [Facebook Login for the Web with the JavaScript SDK](https://developers.facebook.com/docs/facebook-login/web). ## Configure a Facebook social identity provider To configure a Facebook social identity provider using the admin UI: 1. From the navigation bar, click Configure > Social ID Providers. 2. On the Social Identity Providers page, enable Facebook. 3. In the Facebook Provider window, enter applicable values in the fields, and click Save. For a complete list of fields, refer to [Facebook Social Identity Provider Configuration Details](#appendix-facebook-social). After you save the social identity provider configuration, IDM generates a `conf/identityProvider-facebook.json` file: ```json { "provider" : "facebook", "authorizationEndpoint" : "https://www.facebook.com/dialog/oauth", "tokenEndpoint" : "https://graph.facebook.com/v2.7/oauth/access_token", "userInfoEndpoint" : "https://graph.facebook.com/me?fields=id,name,picture,email,first_name,last_name,locale" "clientId" : "", "clientSecret" : { "$crypto" : { "type" : "x-simple-encryption", "value" : { "cipher" : "AES/CBC/PKCS5Padding", "stableId" : "openidm-sym-default", "salt" : "", "data" : "", "keySize" : 16, "purpose" : "idm.config.encryption", "iv" : "", "mac" : "" } } }, "scope" : [ "email", "user_birthday" ], ... ``` The file includes `schema` information, which includes properties for each social identity account, as collected by IDM, as well as the order in which it appears in the admin UI. When you've registered a user with a Facebook social identity, you can verify this by selecting Manage > Facebook, and then selecting a user. Another part of the file includes a `propertyMap`, which maps user information entries between the `source` (social identity provider) and the `target` (IDM). If you need more information about the properties in this file, refer to the following appendix: [Facebook Social Identity Provider Configuration Details](#appendix-facebook-social). ## Configure user registration to link to Facebook Once you've configured the Facebook social identity provider, you can activate it through User Registration. To do so in the admin UI, select Configure > User Registration, and under the Social tab, enable the option associated with Social Registration. For more information about user self-service features, refer to [Self-service end user UI](../end-user-ui.html). When you enable social registration, you're allowing users to register on IDM through all active social identity providers. ## Facebook social identity provider configuration details You can set up the Facebook social identity provider through the admin UI or in a `conf/identityProvider-facebook.json` file. IDM generates the `identityProvider-facebook.json` file when you configure and enable this social identity provider in the admin UI. Alternatively, you can create the file manually. The following table includes the information shown in the admin UI Facebook Provider pop-up window, along with associated information in the `identityProvider-facebook.json` file: **Facebook social identity provider configuration properties** | Property (UI) | Property (JSON file) | Description | | ---------------------- | ----------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | App ID | `clientId` | The client identifier for your Facebook App | | App Secret | `clientSecret` | Used with the App ID to access the applicable Facebook API | | Scope | `scope` | An array of strings that allows access to user data; refer to Facebook's [Permissions Reference](https://developers.facebook.com/docs/facebook-login/permissions) Documentation. | | Authorization Endpoint | `authorizationEndpoint` | For Facebook's implementation, refer to their documentation on how they [Manually Build a Login Flow](https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/). | | Token Endpoint | `tokenEndpoint` | Endpoint that receives a one-time authorization code, and returns an access token. For Facebook's implementation, refer to their documentation on how they [Manually Build a Login Flow](https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/). | | User Info Endpoint | `userInfoEndpoint` | Endpoint that transmits scope-related fields through Facebook's API. The default endpoint includes the noted field properties as a list, as defined in Facebook's [Permissions Reference](https://developers.facebook.com/docs/facebook-login/permissions). | | Not in the admin UI | `name` | Name of the Social ID provider | | Not in the admin UI | `type` | Authentication module | | Not in the admin UI | `authenticationId` | Authentication identifier, as returned from the User Info Endpoint for each social identity provider | | Not in the admin UI | `propertyMap` | Mapping between Facebook and IDM | For information on social identity provider buttons and badges, refer to [Social identity provider button and badge properties](appendix-social-badges.html).