CA API Management: Facebook Social Login Error

Document ID : KB000076805
Last Modified Date : 09/04/2018
Issue:
When MAG 4.1 is configured to use Facebook as a social login provider, you will receive the error below after successfully authenticating at Facebook:

OAuth 2.0 Authorization Server

error: login_required
error_description: The resource owner could not be authenticated due to missing or invalid credentials

Additionally, you may notice similar errors in the SSG log:

Problem routing to https://graph.facebook.com/me?{"access_token":"adb90a49-0f83-4c93-9a11-a34808b5aeee","token_type":"bearer","expires_in":5181522}. Error msg: Invalid URI https://graph.facebook.com/me?{"access_token":"adb90a49-0f83-4c93-9a11-a34808b5aeee","token_type":"bearer","expires_in":5181522} 
Cause:
This is caused by a change in how Facebook handles the OIDC communication.
Resolution:
A policy customization will be required to handle the response from Facebook. For MAG 4.x you will need to edit the 'Facebook Auth Code Extension' policy.

Please use the attached sample as a guideline for updating this policy.
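
The SSG log line above shows the whole token response body being appended to the https://graph.facebook.com/me request as its query string. The following is an added illustration of the handling the customized policy needs to perform; it is not CA's policy code or the attached facebook.xml. The function names are hypothetical, and the form-encoded body shape handled alongside JSON is an assumption.

```python
import json
from urllib.parse import parse_qs, urlencode

GRAPH_ME = "https://graph.facebook.com/me"  # endpoint taken from the SSG log line


def extract_access_token(body: str) -> str:
    """Return the access_token from a token-endpoint response body.

    Handles the JSON object seen in the SSG log and, as an assumption,
    a form-encoded body (access_token=...&expires=...).
    """
    text = body.strip()
    if text.startswith("{"):
        try:
            fields = json.loads(text)
        except json.JSONDecodeError as exc:
            raise ValueError("token response is not valid JSON") from exc
        token = fields.get("access_token")
    else:
        token = parse_qs(text).get("access_token", [None])[0]
    # Fail closed: never forward a request without a usable token.
    if not isinstance(token, str) or not token:
        raise ValueError("token response has no access_token")
    return token


def build_profile_url(body: str) -> str:
    """Build the /me request with only the token, URL-encoded, as the query."""
    return GRAPH_ME + "?" + urlencode({"access_token": extract_access_token(body)})


# Constructed sample bodies (the token value is made up for this example).
SAMPLE_JSON = '{"access_token":"EXAMPLE-TOKEN/1+2","token_type":"bearer","expires_in":5181522}'
SAMPLE_FORM = "access_token=EXAMPLE-TOKEN%2F1%2B2&expires=5181522"

if __name__ == "__main__":
    print(build_profile_url(SAMPLE_JSON))
    print(build_profile_url(SAMPLE_FORM))
```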
 
File Attachments:
facebook.xml