Configure Facebook login for Discourse

:warning: Updating the Facebook app API or creating a new app will break existing logins. See troubleshooting at the bottom of this post for a solution.


Go to and …

  1. Log in with the credentials of the account you want to connect to Discourse and follow the wizard.
    If you already have other apps, you will see the entry My Apps instead of Get Started; click on :heavy_plus_sign: Add new app and follow the guide from step 1b.

    1a. Select Developer

    1b. Provide a name for the app, for example Discourse Login and click on Next.

    1c. Click on Add your first product

  2. Click Set Up below Facebook Login.

  3. From the menu on the left, exit Quickstart by clicking on Settings under Facebook Login

  4. Set up the Valid OAuth redirect URI field, entering – obviously, replacing the domain with your site’s actual domain name and matching the HTTPS protocol. Remember that the HTTPS protocol is now mandatory for all URI redirects. Click Save Changes.
    Once completed, a successful setup should look like this in Products/Facebook Login/Settings:

  5. Navigate to Settings/Basic, enter your Discourse URL ( in the App Domains field, enter the URLs for your Discourse site’s privacy policy and Terms of Service in the appropriate fields, and upload your site’s icon. (Note that for your privacy and ToS links to be verified, your site must have a valid SSL certificate installed that is not self-signed. If the certificate is missing or self-signed, you won’t be able to save your changes.)
    If you have a company that does business in the European Union, you may want to fill in the Data Protection Officer Contact Information form before clicking on Save Changes.

    ⚠️ Facebook has changed this step to ask for extra information. We are currently working to determine what you need to provide; see recent replies. (November 2020)

    There is now a field for User Data Deletion information for GDPR compliance. Select “Data Deletion Instructions URL” from the dropdown and add a link to a page (such as which contains a sentence like “Accounts on this site can be anonymized or deleted at the user’s request. Contact our @support group for details.”

  6. At the bottom of the page click on :heavy_plus_sign: Add Platform and select Website

  7. Enter your Discourse URL here, for example and click Save Changes

  8. Click on the Status button to change your app from in development to public.

    The category you select does not matter.

    After a few seconds the button will become:

  9. In Discourse site settings, enter your Facebook app’s App ID and App Secret in the facebook app id and facebook app secret fields. You’ll also want to check off Enable Facebook authentication, requires facebook_app_id and facebook_app_secret

That’s it! Facebook login should work now. Be sure to test it from a “normal” Facebook account, not your developer account.


Hosted Customers

:discourse2: If you are a Discourse hosting customer, contact us via the email address on your site dashboard and we will be happy to assist. :+1: :slightly_smiling_face:

If you’re hosted by another provider you will need to contact them for any server-related tasks or issues.


If the Facebook app API is updated, or the app ID/secret are changed, you’ll need to remove existing associations from your site before users can log in again. To remove this data, run the following:

cd /var/discourse
./launcher enter app
rails c
UserAssociatedAccount.where(provider_name: "facebook").delete_all
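
The conditions in steps 4 and 5 (HTTPS URLs, a certificate that is present and not self-signed) can be checked locally before submitting the form. This is an added example, not part of the original post or of Discourse's code: `preflight`, `build_cert`, the `forum.example.com` host and the test certificates are constructed for illustration, and the check does not validate the chain to a trusted root.

```ruby
require "openssl"
require "uri"

# Problems that would block steps 4 and 5 for +url+, given the leaf
# certificate the site presents (nil if the site presents none).
def preflight(url, cert, now: Time.now)
  uri = URI.parse(url)
  return ["URL is not HTTPS"] unless uri.is_a?(URI::HTTPS)
  return ["no certificate presented"] if cert.nil?

  problems = []
  # Self-signed: issuer equals subject and the signature checks out
  # against the certificate's own public key.
  if cert.issuer == cert.subject && cert.verify(cert.public_key)
    problems << "certificate is self-signed"
  end
  unless (cert.not_before..cert.not_after).cover?(now)
    problems << "certificate is outside its validity period"
  end
  unless OpenSSL::SSL.verify_certificate_identity(cert, uri.host)
    problems << "certificate does not match #{uri.host}"
  end
  problems
end

# Constructed test certificates (CN only, RSA 2048, valid for one day).
def build_cert(cn, key, issuer: nil, issuer_key: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1 + rand(2**31)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 3600
  cert.not_after = Time.now + 86_400
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
end

CA_KEY = OpenSSL::PKey::RSA.new(2048)
SITE_KEY = OpenSSL::PKey::RSA.new(2048)
CA = build_cert("Constructed Test CA", CA_KEY)
SELF_SIGNED = build_cert("forum.example.com", SITE_KEY)
CA_ISSUED = build_cert("forum.example.com", SITE_KEY, issuer: CA, issuer_key: CA_KEY)
PRIVACY_URL = "https://forum.example.com/privacy" # constructed sample URL

puts preflight(PRIVACY_URL, SELF_SIGNED).inspect
```

Against a live site, the leaf certificate can be captured with `openssl s_client -connect host:443 -servername host` and loaded with `OpenSSL::X509::Certificate.new(pem)`.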

The process for configuring this has changed a bit I think with the rebrand to ‘Meta’. Here is a walkthrough:

1a. After clicking New App

Consumer seems to be the best choice, giving a nice limited set of options with all we need.

At the end - Advanced Access

You now seem to need to request “Advanced Access” to the Facebook user’s email address. This seemed to require just a few clicks and was automatically granted. However, it took a bit of poking about to find it before it popped up.

There also seems to be the need to review access within the next month or so. All in all it is a lot more faff than setting up the other OAuth logins.


So I was able to configure Facebook login as a method for users to sign up finally (my original app stopped working after Facebook updated its GDPR compliance). For those interested, create a brand new app in Facebook and in addition to the steps mentioned in the first post, you will also need these steps on your Facebook developers page for your app:

App Review → Permissions and Features

  • public_profile → Click Get Advanced Access → Follow instructions
  • email → Click Get Advanced Access → Follow instructions

Now your users should be able to sign up using Facebook and they should receive email notifications to subscribed posts as well.


I’ve given up on Facebook login integration. Either these are bots or they don’t take the time to read. It’s now the second time they bring up that my privacy policy violates theirs. The first time I was able to resolve it. Now the issue came back.

Their reaction after me repeating that my privacy policy perfectly well addresses their demands:


Thank you for contacting us about your app.

The Privacy Policy linked to your app must comply with Facebook Platform Policy 4.b:

This policy states that you must include all of the following:

  • A clear explanation of what data you are collecting and processing (done)
  • The purpose for which you are collecting and processing that data (done)
  • How users may request deletion of that data (pending - deleting account or content is not similar to user can request data deletion. You may change your sentence to makes the Platform Terms 4.b compliant)

For more information regarding our Privacy Policy requirements, please visit section four of the Facebook Platform Terms: Platform Terms - Facebook for Developers.

Thank you for your cooperation. Please respond to this email when your app has been updated or if you have any questions about this request.


While sharing a screenshot where it perfectly well describes how users can request data removal and what kind of data it is.

Anyway, the most important thing I want to know now is this. People that used Facebook to login, are they still able to login with a username/password combination? Or does it mean I’ve lost those users?

If they didn’t previously set a password they’ll need to request a reset email, but yes they can login with a password. We just went through this on our forums and for the same reason.


There is no #deletion section in my default TOS :frowning:

What content should I add if I manually create that section?

I did my best to update our privacy policy to comply with their comments: Privacy - TZM Community Forum

It was okay at first, then after a month or 2 they came back with the same complaints. For some reason no change was sufficient, so they deactivated the app. I’ve removed it afterwards, life is too short to argue with Facebook (bots).