Docs Menu

Docs HomeAtlas App Services

Facebook Authentication

On this page

  • Overview
  • Configuration
  • Set Up a Facebook App
  • Create a Facebook App
  • Enable Facebook Login
  • Add App Services as a Valid OAuth Redirect URI
  • Configure the Facebook Authentication Provider
  • Examples

The Facebook authentication provider allows users to log in with their existing Facebook account through a companion Facebook application. When a user logs in, Facebook provides Atlas App Services with an OAuth 2.0 access token for the user. App Services uses the token to identify the user and access approved data from the Facebook API on their behalf. For more information on Facebook Login, see Facebook Login for Apps.

The following diagram shows the OAuth logic flow:

OAuth flow diagram

The Facebook authentication provider has the following configuration options:

Field
Description
Client ID
config.clientId

Required. The App ID of the Facebook app.

See Set Up a Facebook App for information about setting up your Facebook app and finding the App ID.

Client Secret
secret_config.clientSecret

Required. The name of a Secret that stores the App Secret of the Facebook app.

See Set Up a Facebook App for information about setting up your Facebook app and finding the App Secret.

Metadata Fields
metadata_fields

Optional. A list of fields describing the authenticated user that your application will request from the Facebook Graph API.

All metadata fields are omitted by default and can be required on a field-by-field basis. Users must explicitly grant your app permission to access each required field. If a metadata field is required and exists for a particular user, it will be included in their user object.

To require a metadata field from an import/export configuration file, add an entry for the field to the metadata_fields array. Each entry should be a document of the following form:

{ name: "<metadata field name>", required: "<boolean>" }
Redirect URIs
redirect_uris

Required for web applications. A list of allowed redirect URIs.

Once a user completes the authentication process on Facebook, App Services redirects them back to either a specified redirect URI or, if no redirect URI is specified, the URL that they initiated the authentication request from. App Services will only redirect a user to a URI that exactly matches an entry in this list, including the protocol and any trailing slashes.

Domain Restrictions
domain_restrictions

Optional. A list of approved domains for user accounts.

If specified, the provider checks the domain of a user's primary email address on Facebook and only allows them to authenticate if the domain matches an entry in this list.

For example, if example1.com and example2.com are listed, a Facebook user with a primary email of joe.mango@example1.com would be allowed to log in, while a user with a primary email of joe.mango@example3.com would not be allowed to log in.

Note

If you've specified any domain restrictions, you must also require the email address field in the Metadata Fields setting.

The Facebook authentication provider requires a Facebook app to manage authentication and user permissions. The following steps walk through creating the app, setting up Facebook Login, and configuring the provider to connect with the app.

1

Follow Facebook's official guide to create a new Facebook app.

2

From the app's Dashboard view, find the Facebook Login card and click Set Up. You should see a list of quickstart guides for each platform. Follow the guide for your platform to enable Facebook Login.

Note

App Services web applications do not require you to install the Facebook SDK to use the Facebook authentication provider. If you are incorporating Facebook Login into a web application you can skip any steps in the quickstart related to setting up the Facebook SDK for JavaScript.

3

When a user completes the login flow for your Facebook app they need to be redirected back to App Services. Facebook Login will only allow users to redirect to a pre-approved list of URIs.

From the Facebook Login > Settings page, add an App Services authentication callback URL that corresponds to the deployment region of your application to the list of Valid OAuth Redirect URIs. The following table lists the callback URL for each region:

Region
App Services Authentication Callback URL
Global
https://services.cloud.mongodb.com/api/client/v2.0/auth/callback
Virginia
(us-east-1)
https://us-east-1.aws.services.cloud.mongodb.com/api/client/v2.0/auth/callback
Oregon
(us-west-2)
https://us-west-2.aws.services.cloud.mongodb.com/api/client/v2.0/auth/callback
Ireland
(eu-west-1)
https://eu-west-1.aws.services.cloud.mongodb.com/api/client/v2.0/auth/callback
Frankfurt
(eu-central-1)
https://eu-central-1.aws.services.cloud.mongodb.com/api/client/v2.0/auth/callback
Mumbai
(ap-south-1)
https://ap-south-1.aws.services.cloud.mongodb.com/api/client/v2.0/auth/callback
Singapore
(ap-southeast-1)
https://ap-southeast-1.aws.services.cloud.mongodb.com/api/client/v2.0/auth/callback
Sydney
(ap-southeast-2)
https://ap-southeast-2.aws.services.cloud.mongodb.com/api/client/v2.0/auth/callback
4

To connect your Facebook app to App Services, find your Facebook app's App ID and App Secret values on the Settings > Basic page and add them to your authentication provider configuration.

For code examples that demonstrate how to register and log in using Facebook authentication, see the documentation for the Realm SDKs:

←  Email/Password AuthenticationGoogle Authentication →