Skip to content

Add Facebook login

You can add Facebook login to your applications using WSO2 Identity Server and enable users to log in with their Facebook accounts.

Follow this guide for instructions.

Register WSO2 Identity Server on Facebook

You need to register WSO2 Identity Server as an app on Facebook.


You can follow the Facebook Documentation for detailed instructions.

To register an app on Facebook:

  1. Go to the My Apps page in Meta for developers.

  2. Click Create App.

    Facebook developer portal

  3. Select the use case as Authenticate and request data from users with Facebook Login and click Next.

    Create Facebook consumer app

  4. Select the login type out of the options and click Next.

    Create Facebook consumer app

  5. Provide Display Name and click Create App to create an application.

    Provide information to Facebook app

  6. While in the created application, select Use cases from the left navigation.

  7. Under Use cases > Authentication and account creation, click Customize.

  8. Under Facebook Login > Quickstart, click Go to quickstart.

  9. Select Web as the platform for this app and provide the following Site URL with your organization name and click Save.

    bash no-line-numbers<organization_name>

  10. Return to the Use cases > Customize section and under Facebook login > Settings, click Go to settings.

  11. Add the following as the Valid OAuth Redirect URIs and click Save changes.

  12. Enable Client OAuth Login and Web OAuth Login (these are enabled by default) and save the changes.

    Add Facebook settings

  13. On the left navigation panel, go to App settings > Basic and take note of the App ID and App Secret.

    Get AppID and Secret from Facebook

Register the Facebook IdP

Now, let's register the Facebook IdP in WSO2 Identity Server.

  1. On the WSO2 Identity Server Console, go to Connections.
  2. Click Create Connection and select Facebook.
  3. Enter the following details of the Facebook identity provider and click Finish:

    Add Facebook IDP in WSO2 Identity Server

    Parameter Description
    Name A unique name for this Facebook identity provider.
    App ID App ID obtained from Facebook.
    App Secret The app secret obtained from Facebook.

When a user logs in with an external identity provider using the same email address registered in a local account, JIT-provisioning overrides the attributes of the local account with the attributes received from the external identity provider.

WSO2 Identity Server, by default, disables Just-In-Time (JIT) user provisioning for your external identity provider.

To enable JIT-provisioning,

  1. On the WSO2 Identity Server Console, click Connections and select the relevant connection.

  2. Go to the Just-in-Time Provisioning tab of the selected connection.

  3. Check/Uncheck the Just-in-Time (JIT) User Provisioning checkbox to enable/disable it.

    enable/disable JIT user provisioning

  4. Click Update to save the changes.


After the Facebook identity provider is created, go to the Settings tab and see the list of permissions granted by Facebook to WSO2 Identity Server.

  • email: Grants read access to a user's primary email address.
  • public_profile: Grants read access to a user's default public profile details.


WSO2 Identity Server needs these permissions to get user information. WSO2 Identity Server checks the attribute configurations of the application and sends the relevant attributes received from Facebook to the app. You can read the Facebook documentation to learn more.

Enable Facebook login

Before you begin

You need to register an application with WSO2 Identity Server. You can register your own application or use one of the sample applications provided.

  1. On the WSO2 Identity Server Console, go to Applications.
  2. Select your application, go to the Login Flow tab and add Facebook login as follows:

    1. Click Add Sign In Option to add a new authenticator to the first step.

    2. Select the Facebook connection.

    3. Click Confirm to add login with Facebook to the sign-in flow.

      Configuring Facebook login in WSO2 Identity Server using the Visual Editor


    It is recommended to add your social and enterprise connections to the first authentication step as they are used for identifying the user.

  3. Click Update to save your changes.

Try it out

Follow the steps given below.

  1. Access the application URL.

  2. Click Login to open the WSO2 Identity Server login page.

  3. On the WSO2 Identity Server login page, click Sign in with Facebook.

    Login with Facebook

  4. Log in to Facebook with an existing user account.

  5. The user is now redirected to the application and logged in.


When a user successfully logs in with Facebook for the first time, a user account is created in the WSO2 Identity Server Console with the Facebook username. This new user account will be managed by Facebook.

Configure connection

To learn more about other configurations available for the connection, refer to the add federated login documentation.