Automatic sign-up with Facebook

This chapter will guide you through the steps required to configure automatic sign-up with Facebook in Onegini IDP. This feature allows users to automatically signup when all required attributes are returned in Facebook Oauth2 response.

What is required?

To successfully complete this topic guide you need to ensure following prerequisites:

  • Onegini IDP instance must to be running, for the sake of this guide we assume it's available under http://idp-core.dev.onegini.me address
  • Onegini IDP must have the Username & password identity provider configured

Configure Facebook identity provider

To register a Facebook IdP (identity provider) within the Onegini IDP as an Identity Provider first you need to create an application on https://developers.facebook.com/ and obtain it's App ID and App Secret. Check https://developers.facebook.com/docs/apps/register documentation to see how it can be done. Next visit the http://idp-core.dev.onegini.me:8082/admin page and login to Onegini IDP admin console. Select Config menu option and navigate to Identity Providers tab. Hit the + button to create a new Identity Provider configuration. Fill in the form as follows:

  1. Type - open the dropdown list and select Facebook
  2. Name - name your Facebook IdP instance
  3. Authentication Level - choose desired authentication level
  4. Enabled - mark your Identity Provider as enabled
  5. OAuth attributes - paste your Facebook App ID as Client ID and App Secret as Client Secret. Client Scope can be set to public_profile, email or other value depending on the expected type of data. If left blank default email scope will be used. You can read more about supported scopes in the official Facebook's documentation - https://developers.facebook.com/docs/facebook-login/permissions/.
  6. Attributes mappings - as you already noticed the Onegini IDP within the configuration form also gives option to define attribute mappings. It's a very useful functionality which let's you define "translations" for user's profile and custom attributes. The automatic signup functionality requires at least Email address attribute to mapped from the external identity provider (Facebook). Depending on the scope that you use you can also provide additional mappings for other fields. To get more info about attribute mappings please see Attribute Mappings topic guide.

Configure automatic sign-up feature in Onegini IDP

After successful Facebook IdP configuration visit the http://idp-core.dev.onegini.me:8082/admin page and login to Onegini IDP admin console. Select Config menu option and navigate to Feature management tab and check Just-in-time external IdP sign-up enabled in Processes section. The Bind multiple social accounts with one CIM-account allows to couple Facebook account with existing account when email address is already registered in Onegini IDP.

Testing

To test automatic sign-up with Facebook please try login to Onegini IDP by selecting Facebook identity provider available on login page. If everything was configured correctly the new person account should be created automatically without showing the sign-up form, instead you should be redirected straight to the personal dashboard page.