Configure Facebook as an Identity Provider

Number of APIs: 11

PingOne supports several external identity providers, including Facebook. Configuring a sign-on policy in PingOne with Facebook as an identity provider lets users authenticate and gain access to a configured application using the Facebook sign-on flow and their Facebook credentials.

If the client secret has been updated, you must also update the client secret in both the PingOne configuration for the OIDC external identity provider and the external OpenID provider.

Note: To specify Facebook as an external identity provider, you must have Facebook's application ID and application secret property values. You can find this information on the Facebook for developers portal.

This scenario illustrates the following common operations supported by the PingOne APIs:

  • Create an identity provider configuration
  • Create an optional identity provider attribute mapping
  • Create a population for Facebook users
  • Create a sign-on policy
  • Create a sign-on policy action
  • Create an application
  • Associate the sign-on policy with the application

Prerequisites

Get an access token from the worker application that you created in Getting Started with the PingOne APIs. To get a token from a different worker application in an alternate sandbox environment, run the token request endpoint using the client ID and client secret of your chosen worker app to authenticate the request. For more information, see GET a Worker Application Access Token.

Workflow order of operations

To create a sign-on policy that specifies Facebook as a supported external identity provider, the following tasks must be completed successfully:

  1. Make a POST request to /environments/{{envID}}/identityProviders to create the identity provider configuration for Facebook.

  2. Make a POST request to /environments/{{envID}}/identityProviders/{{providerID}}/attributes to map the Facebook email attributes to PingOne email attributes. This step is optional.

  3. Make a POST request to /environments/{{envID}}/populations to create a population for users who will use their Facebook credentials to sign on.

  4. Make a POST request to /environments/{{envID}}/signOnPolicies to create a new sign-on policy.

  5. Make a POST request to /environments/{{envID}}/signOnPolicies/{{policyID}}/actions to create a new LOGIN sign-on policy action, which is associated with the new sign-on policy.

  6. Make a POST request to /environments/{{envID}}/applications to add a new application to the specified environment.

  7. Make a GET request to /environments/{{envID}}/resources to list all resource entities associated with the specified environment and get the ID of the PingOne platform resource.

  8. Make a GET request to /environments/{{envID}}/resources/{{resourceID}}/scopes to list all scopes associated with a specified resource (the PingOne platform resource).

  9. Make a POST request to /environments/{{envID}}/applications/{{appID}}/grants to create a new resource access grant for the application.

  10. Make a POST request to /environments/{{envID}}/applications/{{appID}}/signOnPolicyAssignments to associate the sign-on policy with the application.

  11. Make a POST request to /{{envID}}/as/authorize to obtain an authorization grant. This request starts the authorization flow.
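
The following Python example is added here and is not PingOne's own code. It runs the eleven steps above in order, feeds each ID returned by one step into the paths of later steps, and refuses to send any request whose path still contains an unresolved {{placeholder}}. The `send` transport (which adds the base URL and access token), the `id` and `_embedded.resources` response fields, and the "PingOne API" resource name are assumptions of this example.

```python
import re

PLACEHOLDER = re.compile(r"\{\{(\w+)\}\}")

def created_id(resp):
    return resp["id"]  # assumption: create responses carry the new "id"

def platform_resource_id(resp):
    # Assumptions: list is under _embedded.resources; platform resource name.
    for res in resp["_embedded"]["resources"]:
        if res["name"] == "PingOne API":
            return res["id"]
    raise LookupError("PingOne platform resource not found")

# Steps 1-11: (method, path template from the page, variable supplied, extractor).
WORKFLOW = [
    ("POST", "/environments/{{envID}}/identityProviders", "providerID", created_id),
    ("POST", "/environments/{{envID}}/identityProviders/{{providerID}}/attributes", None, None),
    ("POST", "/environments/{{envID}}/populations", None, None),
    ("POST", "/environments/{{envID}}/signOnPolicies", "policyID", created_id),
    ("POST", "/environments/{{envID}}/signOnPolicies/{{policyID}}/actions", None, None),
    ("POST", "/environments/{{envID}}/applications", "appID", created_id),
    ("GET", "/environments/{{envID}}/resources", "resourceID", platform_resource_id),
    ("GET", "/environments/{{envID}}/resources/{{resourceID}}/scopes", None, None),
    ("POST", "/environments/{{envID}}/applications/{{appID}}/grants", None, None),
    ("POST", "/environments/{{envID}}/applications/{{appID}}/signOnPolicyAssignments", None, None),
    ("POST", "/{{envID}}/as/authorize", None, None),
]

def render(template, variables):
    """Fill {{name}} placeholders; fail closed if any is unresolved."""
    missing = [n for n in PLACEHOLDER.findall(template) if n not in variables]
    if missing:
        raise KeyError(f"unresolved placeholders {missing} in {template}")
    return PLACEHOLDER.sub(lambda m: variables[m.group(1)], template)

def run_workflow(send, env_id, bodies, skip=()):
    """Run the steps in order; send(method, path, body) returns parsed JSON."""
    variables, responses = {"envID": env_id}, {}
    for number, (method, template, var, extract) in enumerate(WORKFLOW, start=1):
        if number in skip:  # e.g. skip={2}: the attribute mapping is optional
            continue
        body = bodies.get(number)  # dict, None, or callable(variables, responses)
        body = body(variables, responses) if callable(body) else body
        responses[number] = send(method, render(template, variables), body)
        if var:
            variables[var] = extract(responses[number])
    return variables, responses
```

Request bodies are left to the caller; a callable body receives the IDs and responses collected so far, so the step 9 grant can be built from the step 7 and step 8 results.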

  • Step 1: Create the new identity provider resource
    POST {{apiPath}}/environments/{{envID}}/identityProviders

  • Step 2: Create an optional attribute mapping
    POST {{apiPath}}/environments/{{envID}}/identityProviders/{{facebookIdpID}}/attributes

  • Step 3: Create a population for Facebook users
    POST {{apiPath}}/environments/{{envID}}/populations

  • Step 4: Create the new sign-on policy
    POST {{apiPath}}/environments/{{envID}}/signOnPolicies

  • Step 5: Create the sign-on policy action
    POST {{apiPath}}/environments/{{envID}}/signOnPolicies/{{facebookIdpPolicyID}}/actions

  • Step 6: Create an application
    POST {{apiPath}}/environments/{{envID}}/applications

  • Step 7: Get the list of resources
    GET {{apiPath}}/environments/{{envID}}/resources

  • Step 8: Get all scopes
    GET {{apiPath}}/environments/{{envID}}/resources/{{p1ResID}}/scopes

  • Step 9: Create the application's resource access grant
    POST {{apiPath}}/environments/{{envID}}/applications/{{FacebookAppID}}/grants

  • Step 10: Assign the sign-on policy to an application
    POST {{apiPath}}/environments/{{envID}}/applications/{{FacebookAppID}}/signOnPolicyAssignments