CA API Management: Facebook Social Login Error

Document ID : KB000076805
Last Modified Date : 09/01/2019
Show Technical Document Details
When configuring MAG 4.1 to use Facebook as a social login provider you will receive the below error after successfully authenticating at Facebook:

OAuth 2.0 Authorization Server

error: login_required
error_description: The resource owner could not be authenticated due to missing or invalid credentials

Additionally, you may notice similar errors in the SSG log:

Problem routing to{"access_token":"adb90a49-0f83-4c93-9a11-a34808b5aeee","token_type":"bearer","expires_in":5181522}. Error msg: Invalid URI{"access_token":"adb90a49-0f83-4c93-9a11-a34808b5aeee","token_type":"bearer","expires_in":5181522} 
This is caused by a change on how Facebook handles the OIDC communication.
A policy customization will be required to handle the response from Facebook. For MAG 4.x you will need to edit the 'Facebook Auth Code Extension' policy.

Please use the attached sample as a guideline for updating this policy.
File Attachments: