CA API Management: Facebook Social Login Error

Article ID: 76805

Updated On:

Products

CA Rapid App Security, CA API Gateway, CA Mobile API Gateway, CA Mobile - APP Services

Issue/Introduction

When configuring MAG 4.1 to use Facebook as a social login provider, you will receive the error below after successfully authenticating at Facebook:

OAuth 2.0 Authorization Server

error: login_required
error_description: The resource owner could not be authenticated due to missing or invalid credentials

Additionally, you may notice similar errors in the SSG log:


Problem routing to https://graph.facebook.com/me?{"access_token":"adb90a49-0f83-4c93-9a11-a34808b5aeee","token_type":"bearer","expires_in":5181522}. Error msg: Invalid URI https://graph.facebook.com/me?{"access_token":"adb90a49-0f83-4c93-9a11-a34808b5aeee","token_type":"bearer","expires_in":5181522} 

Cause

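This is caused by a change in how Facebook handles the OIDC communication. As the SSG log entry above shows, the token response from Facebook is a JSON object, and the policy places that entire object after the `?` of the https://graph.facebook.com/me request, which produces an invalid URI.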

Environment

Release:
Component: APIMBL

Resolution

A policy customization will be required to handle the response from Facebook. For MAG 4.x you will need to edit the 'Facebook Auth Code Extension' policy.

Please use the attached sample as a guideline for updating this policy.
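The logic the customized policy has to perform, shown as an added Python example (not the attached policy and not CA's code): parse the token response, take only `access_token`, and percent-encode it into the Graph API query. The function names, the sample bodies and the form-encoded legacy shape are assumptions made for illustration.

```python
import json
from urllib.parse import parse_qs, urlencode

GRAPH_ME_URL = "https://graph.facebook.com/me"  # endpoint seen in the SSG log

# Constructed sample bodies (not real tokens).
JSON_BODY = '{"access_token":"EXAMPLE|TOKEN","token_type":"bearer","expires_in":5181522}'
FORM_BODY = "access_token=EXAMPLE%7CTOKEN&expires=5181522"  # assumed legacy shape


def extract_access_token(body: str) -> str:
    """Pull access_token out of a token response that is JSON or form-encoded."""
    text = body.strip()
    if text.startswith("{"):
        try:
            fields = json.loads(text)
        except json.JSONDecodeError as exc:
            raise ValueError("token response is not valid JSON") from exc
        if "error" in fields:
            raise ValueError("provider returned an error, not a token")
        token = fields.get("access_token")
    else:
        token = parse_qs(text).get("access_token", [None])[0]
    if not isinstance(token, str) or not token:
        raise ValueError("no access_token in token response")
    return token


def build_profile_url(body: str) -> str:
    """Build a valid URI: only the token goes in the query, percent-encoded."""
    return GRAPH_ME_URL + "?" + urlencode({"access_token": extract_access_token(body)})


def redact_for_log(url: str) -> str:
    """Drop the query string so the bearer token never reaches the log."""
    return url.split("?", 1)[0] + "?access_token=<redacted>"


if __name__ == "__main__":
    for body in (JSON_BODY, FORM_BODY):
        print(redact_for_log(build_profile_url(body)))
```

The redaction helper addresses a side effect visible in the log entry above: when routing fails, the full URL, including the access token, is written to the SSG log.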
 

Attachments

1558535967446facebook.xml