Configure Facebook login for Discourse

:exclamation: As of February 2023, Meta has implemented a business verification requirement when publishing new and existing apps.

:warning: Updating the Facebook app API or creating a new app will break existing logins. See troubleshooting at the bottom of this post for a solution.

Configuration

Go to developers.facebook.com/apps and …

  1. Login with the credentials of the account you want to connect to Discourse and follow the wizard.
    If you already have other apps instead of Get Started you will see the entry My Apps, then just click on :heavy_plus_sign: Add new app and follow the guide from step 1b

    1a. Select Developer


    1b. Provide a name for the app, for example Discourse Login and click on Next.

    1c. Click on Add your first product

  2. Click Set Up below Facebook Login.
    firefox_2018-03-14_17-08-49

  3. From the menu on the left, exit Quickstart by clicking on Settings under Facebook Login

  4. Setup the Valid OAuth redirect URI field, entering https://discourse.example.com/auth/facebook/callback – obviously, replacing the domain with your site’s actual domain name and matching the HTTPS protocol. Remember that the HTTPS protocol is now mandatory for all URI redirects. Click Save Changes.
    Once completed, a successful setup should look like this in Products/Facebook Login/Settings:

  5. Navigate to Settings/Basic, enter your Discourse URL (https://discourse.example.com) in the App Domains field and also enter the URL for your Discourse site privacy policy and Terms of Service in the appropriate fields and also upload the icon of your site. (Mind that for your privacy and tos link to be verified, you should have a valid SSL certificate integrates, which is not self-signed. If the certificate is missing, or self-signed, you won’t be able to save your changes).
    If you have a company that does business in the European Union, you may want to fill in the Data Protection Officer Contact Information form before clicking on Save Changes.

    ⚠️ Facebook has changed this step to ask for extra information. We are currently working to determine what you need to provide; see recent replies. (November 2020)

    There is now a field for User Data Deletion information for GDPR compliance. Select “Data Deletion Instructions URL” from the dropdown and add a link to a page (such as https://discourse.example.com/tos#deletion) which contains a sentence like “Accounts on this site can be anonymized or deleted at the user’s request. Contact our @support group for details.”

  6. At the bottom of the page click on :heavy_plus_sign: Add Platform and select Website

  7. Enter your Discourse URL here, for example https://discourse.example.com and click Save Changes

  8. Click on the Status button to change your app from in development to public.


    The category you select does not matter.

    After a few seconds the button will become:
    firefox_2018-03-14_18-20-25

  9. In Discourse site settings, enter your Facebook app’s App ID and App Secret in the facebook app id and facebook app secret fields. You’ll also want to check off Enable Facebook authentication, requires facebook_app_id and facebook_app_secret

That’s it! Facebook login should work now. Be sure to test it from a “normal” Facebook account, not your developer account.

Troubleshooting

Hosted Customers

:discourse2: If you are a Discourse hosting customer, contact us via the email address on your site dashboard and we will be happy to assist. :+1: :slightly_smiling_face:

If you’re hosted by another provider you will need to contact them for any server-related tasks or issues.

Self-hosters

If the Facebook app API is updated, or the app ID/secret are changed, you’ll need to remove existing associations from your site before users can log in again. To remove this data, run the following:

cd /var/discourse
./launcher enter app
rails c
UserAssociatedAccount.where(provider_name: "facebook").delete_all
78 Likes