Configuring Facebook login for Discourse


(Jeff Atwood) #1

:warning: Updating the Facebook app API or creating a new app will break existing logins. See troubleshooting below for a solution.

Configuration

Go to developers.facebook.com/apps and …

  1. “Create or Add a New App”.

  2. Provide a name for the app, for example “Discourse Login”.

  3. Click “Create App ID”.

  4. Click “Set Up” below Facebook Login.

  5. From the menu on the left, exit Quickstart by clicking on Settings

  6. Set up the “Valid OAuth redirect URI” field, entering https://discourse.example.com/auth/facebook/callback – obviously, replacing the domain with your site’s actual domain name and matching the correct protocol, http or https. Click Save Changes.
    Once completed, a successful setup should look like this in Products / Facebook Login / Settings:

  7. Navigate to Settings/Basic:

  8. Enter your Discourse URL (https://discourse.example.com) in the “App Domains” field (mandatory from March 2018).

  9. Enter the URL for your Discourse site privacy policy and Terms of Service in the appropriate fields and also upload the icon of your site.

  10. At the bottom of the page click on “:heavy_plus_sign: Add Platform” and select Website

  11. Enter your Discourse URL here, for example https://discourse.example.com and click Save Changes

  12. Click on the Status button to change your app from “in development” to “public”.


    The category you select does not matter.

    After a few seconds the button will become:

  13. In Discourse site settings, enter your Facebook app’s App ID and App Secret in the facebook app id and facebook app secret fields. You’ll also want to check off Enable Facebook authentication, requires facebook_app_id and facebook_app_secret

That’s it! Facebook login should work now. Be sure to test it from a “normal” Facebook account, not your developer account.

Troubleshooting

If the Facebook app API is updated, or the app ID/secret are changed, you’ll need to remove existing FacebookUserInfo from your site before users can log in again. To remove this data, run the following:

cd /var/discourse
./launcher enter app
rails c
FacebookUserInfo.delete_all

If you are a Discourse hosting customer, contact @team and we can assist.


(Jakub Ryška) #8

I can see, that the login with facebook creates a popup during the login. Is there a way, how to configure it so it doesn’t create the popup but maybe a redirect instead of it? The popups may be blocked by the user browser.


(lid) #9

It will be interesting to see if the Facebook library will detect a popup blocker and make the redirect instead.

@coubeatczech can you test it by setting your browser to block popups on your test site?


(Jakub Ryška) #10

Yes, if I add a popup blocker to my browser, it then immediately kills the popup and the login will fail.


(Jeff Atwood) #27

Yes, you’ll see this alert but only if you log in using the Facebook credentials of the person who registered this Facebook application:

We can’t see any other consequence of this; the local login works fine.


(Marco) #29

I get an error: “This account is not authorized to manage apps. Please use your verified personal Facebook account to create and manage your apps.”

I have a “company” account on Facebook.


(Ryan Bolger) #30

I noticed this as well. I was checking the Facebook developer’s guide on default permissions and they basically state that your site must support the condition that users will now allow their email address to be shared. It’s also the case that users can have a facebook account that doesn’t have an email address associated with it (because they signed up with a phone number).

So on the Discourse side, this needs to be handled more gracefully either by allowing a manually entered address or simply telling the user that they must go back and re-authorize the email address permission.

@Grimbly In order to go back and reset the permissions you gave to the site, you need to login to Facebook and go to Settings - Apps. From there, delete the entry for your Discourse related app.


(blaumeer) #31

Have you solved the issue @vulkanino? You need a verified personal Facebook account, meaning a personal account tied to a telephone number or other verification method, then use this account to log in as developer and create a new app.


(Marco) #32

I forgot about it actually!
I didn’t want to create another FaceBook account but it looks like this is the only way to go.
Thanks…


(Fábio Machado De Oliveira) #33

My Discourse is asking for the user’s e-mail when I register with Facebook login, then it asks for e-mail confirmation. What did I do wrong? This doesn’t happen here in meta.discourse.org.


(Kane York) #34

That happens if Facebook isn’t reporting that your email has been verified.

edit: Yep, here’s your login list here on Meta:


(John Ellis) #55

Nevermind! Our facebook app page was setup as a desktop app, rather than a web app. I made some changes and it’s working now.


(Joshua Rosenfeld) #65

Some minor UI changes by Facebook, but the overall instructions were correct. I’ve updated the guide.


(Daniela) #66

I proceeded to update the guide (steps and images).


(Dražen Lučanin) #67

Discourse’s OAuth request callback for some reason uses http even though my instance is on https. I had to whitelist http://discourse.example.com/auth/facebook/callback to get Facebook login to work.


(Jay Pfaffman) #68

Is force https checked?


(Dražen Lučanin) #69

I tried setting force_https to true, but I couldn’t log in at all (had to manually set it back to false). Perhaps I did something wrong in my HTTPS setup. But normally the site is fully served over HTTPS and I even redirect to HTTPS on the DNS level.


(Felix Freiberger) #70

Do you have a reverse proxy? If so, do you pass the X-Forwarded-Proto header?


(Dražen Lučanin) #71

Excellent spotting @fefrei :slight_smile: Works now that I added proxy_set_header X-Forwarded-Proto $scheme; in my nginx server definition and after I force HTTPS everything works. I can now force HTTPS in the Facebook app settings as well.
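
The scheme mismatch worked through in posts #67 to #71, as an added example that is not part of the thread and is not Discourse or OmniAuth code. It is a simplified model: the method names and Rack envs are constructed, and the provider's redirect check is assumed to be an exact string match against the registered URI.

```ruby
# Added example: a simplified model, not Discourse or OmniAuth code.
# Method names and the sample Rack envs are constructed for illustration.

# Scheme the app believes the client used. Behind a TLS-terminating reverse
# proxy the app only sees plain HTTP, so it relies on X-Forwarded-Proto
# (HTTP_X_FORWARDED_PROTO in a Rack env) set by the proxy.
def effective_scheme(env, force_https: false)
  return "https" if force_https
  # A chain of proxies may send "https, http"; the first entry is the client hop.
  forwarded = env["HTTP_X_FORWARDED_PROTO"].to_s.split(",").first.to_s.strip.downcase
  # Accept only the two valid values; anything else falls back to the socket scheme.
  return forwarded if %w[http https].include?(forwarded)
  env.fetch("rack.url_scheme", "http")
end

# redirect_uri the app would send to the OAuth provider.
def callback_url(env, force_https: false)
  scheme = effective_scheme(env, force_https: force_https)
  "#{scheme}://#{env.fetch('HTTP_HOST')}/auth/facebook/callback"
end

# Assumption: the provider accepts a redirect_uri only on an exact match.
def redirect_allowed?(url, registered)
  registered.include?(url)
end

REGISTERED = ["https://discourse.example.com/auth/facebook/callback"].freeze

# Constructed envs: what the app sees from the proxy without and with
# `proxy_set_header X-Forwarded-Proto $scheme;` in the nginx server block.
ENV_NO_HEADER   = { "HTTP_HOST" => "discourse.example.com", "rack.url_scheme" => "http" }.freeze
ENV_WITH_HEADER = ENV_NO_HEADER.merge("HTTP_X_FORWARDED_PROTO" => "https").freeze

if __FILE__ == $PROGRAM_NAME
  [["no header", ENV_NO_HEADER], ["with header", ENV_WITH_HEADER]].each do |label, env|
    url = callback_url(env)
    puts format("%-12s %s allowed=%s", label, url, redirect_allowed?(url, REGISTERED))
  end
end
```

Because nginx's proxy_set_header replaces whatever value the client sent, the app should accept this header only from its own proxy; registering the http:// callback instead hides the misconfiguration and leaves the OAuth redirect on plain HTTP.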


#72

It is not possible to add website as a platform anymore in the interface. Any suggestions of how to do instead?