1 files changed, 12 insertions, 11 deletions
diff --git a/latest/openid.html b/latest/openid.html
index ba61865227..f1bbd3f2ff 100644
--- a/latest/openid.html
+++ b/latest/openid.html
@@ -533,8 +533,6 @@ https://developers.google.com/identity/protocols/oauth2/openid-connect#appsetup)
display_name_template: '{{ user.name }}'
</code></pre>
<h3 id="facebook"><a class="header" href="#facebook">Facebook</a></h3>
-<p>Like Github, Facebook provide a custom OAuth2 API rather than an OIDC-compliant
-one so requires a little more configuration.</p>
<ol start="0">
<li>You will need a Facebook developer account. You can register for one
<a href="https://developers.facebook.com/async/registration/">here</a>.</li>
@@ -556,25 +554,28 @@ and "App Secret" for use below.</li>
idp_name: Facebook
idp_brand: "facebook" # optional: styling hint for clients
discover: false
- issuer: "https://facebook.com"
+ issuer: "https://www.facebook.com"
client_id: "your-client-id" # TO BE FILLED
client_secret: "your-client-secret" # TO BE FILLED
scopes: ["openid", "email"]
- authorization_endpoint: https://facebook.com/dialog/oauth
- token_endpoint: https://graph.facebook.com/v9.0/oauth/access_token
- user_profile_method: "userinfo_endpoint"
- userinfo_endpoint: "https://graph.facebook.com/v9.0/me?fields=id,name,email,picture"
+ authorization_endpoint: "https://facebook.com/dialog/oauth"
+ token_endpoint: "https://graph.facebook.com/v9.0/oauth/access_token"
+ jwks_uri: "https://www.facebook.com/.well-known/oauth/openid/jwks/"
user_mapping_provider:
config:
- subject_claim: "id"
display_name_template: "{{ user.name }}"
+ email_template: "{{ '{{ user.email }}' }}"
</code></pre>
<p>Relevant documents:</p>
<ul>
-<li>https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow</li>
-<li>Using Facebook's Graph API: https://developers.facebook.com/docs/graph-api/using-graph-api/</li>
-<li>Reference to the User endpoint: https://developers.facebook.com/docs/graph-api/reference/user</li>
+<li><a href="https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow">Manually Build a Login Flow</a></li>
+<li><a href="https://developers.facebook.com/docs/graph-api/using-graph-api/">Using Facebook's Graph API</a></li>
+<li><a href="https://developers.facebook.com/docs/graph-api/reference/user">Reference to the User endpoint</a></li>
</ul>
+<p>Facebook do have an <a href="https://www.facebook.com/.well-known/openid-configuration">OIDC discovery endpoint</a>,
+but it has a <code>response_types_supported</code> which excludes "code" (which we rely on, and
+is even mentioned in their <a href="https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#login">documentation</a>),
+so we have to disable discovery and configure the URIs manually.</p>
<h3 id="gitea"><a class="header" href="#gitea">Gitea</a></h3>
<p>Gitea is, like Github, not an OpenID provider, but just an OAuth2 provider.</p>
<p>The <a href="https://try.gitea.io/api/swagger#/user/userGetCurrent"><code>/user</code> API endpoint</a>
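Review bot: The added `email_template: "{{ '{{ user.email }}' }}"` line in the Facebook sample is quoted differently from the `display_name_template: "{{ user.name }}"` line just above it, which looks like an escape from the documentation source leaking into the rendered page. Copied as shown, the outer expression would presumably evaluate to the literal text `{{ user.email }}` rather than the user's address, so every account would be mapped to the same bogus email; the line should read `email_template: "{{ user.email }}"`. This file appears to be generated output, so the correction belongs in the source document it is built from. Since the sample now relies on ID-token validation (`jwks_uri` added, `userinfo_endpoint` and `subject_claim` removed), it would also help to add a comment on `issuer` such as `# must match the "iss" claim in Facebook's ID token exactly`, because `issuer` uses `www.facebook.com` while `authorization_endpoint` uses `facebook.com`.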