Configuring Facebook login for Discourse

(Marco) #29

I get an error: “This account is not authorized to manage apps. Please use your verified personal Facebook account to create and manage your apps.”

I have a “company” account con FaceBook.

(Ryan Bolger) #30

I noticed this as well. I was checking the Facebook developer’s guide on default permissions and they basically state that your site must support the condition that users will now allow their email address to be shared. It’s also the case that users can have a facebook account that doesn’t have an email address associated with it (because they signed up with a phone number).

So on the Discourse side, this needs to be handled more gracefully either by allowing a manually entered address or simply telling the user that they must go back and re-authorize the email address permission.

@Grimbly In order to go back and reset the permissions you gave to the site, you need to login to Facebook and go to Settings - Apps. From there, delete the entry for your Discourse related app.

(blaumeer) #31

Have you solved the issue @vulkanino? You need a verified personal Facebook account meaning a personal account tied to a telephone number or other verification method, then use this account to login as developer and cretae a new app.

(Marco) #32

I forgot about it actually!
I didn’t want to create another FaceBook account but it looks like this is the only way to go.

(Fábio Machado De Oliveira) #33

My discourse is asking for user e-mail when I register with facebook login, then it asks for e-mail confirmation. What I did wrong? This doesn’t happen here in

(Kane York) #34

That happens if Facebook isn’t reporting that your email has been verified.

edit: Yep, here’s your login list here on Meta:

(John Ellis) #55

Nevermind! Our facebook app page was setup as a desktop app, rather than a web app. I made some changes and it’s working now.

(Joshua Rosenfeld) #65

Some minor UI changes by Facebook, but the overall instructions were correct. I’ve updated the guide.

(Daniela) #66

I proceeded to update the guide (steps and images).

(Dražen Lučanin) #67

Discourse’s OAuth request callback for some reason uses http even though my instance is on https. I had to whitelist to get Facebook login to work.

(Jay Pfaffman) #68

Is force https checked?

(Dražen Lučanin) #69

I tried setting force_https to true, but I couldn’t log in at all (had to manually set it back to false). Perhaps I did something wrong with in my HTTPS setup. But normally the site is fully served over HTTPS and I even redirect to HTTPS on the DNS level.

(Felix Freiberger) #70

Do you have a reverse proxy? If so, do you pass the X-Forwarded-Proto header?

(Dražen Lučanin) #71

Excellent spotting @fefrei :slight_smile: Works now that I added proxy_set_header X-Forwarded-Proto $scheme; in my nginx server definition and after I force HTTPS everything works. I can now force HTTPS in the Facebook app settings as well.


It is not possible to add website as a platform anymore in the interface. Any suggestions of how to do instead?

(RBoy) #73

Got this message today. Suggestions on what need to be done here?

App Review required by August 1, 2018 to retain access to Facebook Platform APIs

The Facebook App Review process and API permissions model have been updated. Learn more.

In order to maintain your current API access, your app will need to be submitted for review by August 1, 2018. If your app is not submitted for review, you will lose access to these permissions and features.

  • user_friends

  • user_link

  • user_gender

  • user_age_range

The Facebook Platform APIs have been updated with these changes. Please review the FAQ to ensure you request the correct permissions and features with your app review submission.

If access to the permissions and features is approved, the app may need to be associated to a verified business to complete App Review.

(Steve Combs) #75

The FB announcement states:

If your app is not submitted for review, you will lose access to these permissions and features.

  • user_friends
  • user_link
  • user_gender
  • user_age_range

The FB submission process lists the following “default” Login Permissions.


Provides access to the person’s primary email address. This permission is approved by default.


Provides access to a person’s name and profile picture. This permission is approved by default.


Provides access to a person’s list of friends that also use your app. This permission is approved by default.

I believe Discourse is fine with the default Login Permissions, so doing nothing will have no impact. Fingers crossed.

(RBoy) #76

Maybe @codinghorror can confirm

(Jeff Atwood) #77

We don’t use any of those fields, never have, so I don’t know why it would matter. As @scombs said.

(Steven) #78

I have the same message, then I got curious and created a new app, but now you can only use API version 3.0 which seems to be not compatible with Discourse v2.0.0.beta10 +5 like here