WSO2 Identity Server — Dealing with Facebook API changes.

Facebook’s Platform supports both versioning and migrations so that app builders can roll out changes over time. Each version is guaranteed to operate for at least two years. A version will no longer be usable two years after the date that the subsequent version is released.

So if API version v2.3 is released on March 25th, 2015 and API version v2.4 is released August 7th, 2015 then v2.3 would expire on August 7th, 2017, two years after the release of v2.4. For more information about Facebook API versioning and API change logs you can refer [1] and [2].

If you go through the Facebook’s API change log [2], The oldest version they were supporting (v2.2) was retired on March 25, 2017. This made WSO2 identity servers outbound Facebook authenticator to not to support further. The reason was , there was a major API change in v2.3 which is the support of proper JSON responses from Facebook.

If you are using WSO2 Identity Server 5.0.0 , 5.1.0, 5.2.0 or 5.3.0 you may have experienced this API change. WSO2 has released their new Facebook connectors for above versions which resolves this issue. The installation of these different versions depends on the version you are using.

Following is a guide towards how to solve this issue based on the version of Identity Server you are using.

Identity Server 5.0.o

First remove the old version of Facebook authenticator ie v2 authenticator. (Only you have installed this in your product) In order to do it

1) First if you need to backup your Facebook client ID and secret please back them up by copying them.
2) Start IS and go to Configure -> Features in the Management Console. 
3) Go to "Installed Feature" tab and select "Facebook-v2 Application Authenticator Server". 
4) Then click Uninstall
5) Restart the server.

Now you need to install the new version of FB authenticator. In order to do this please follow the following steps.

1) Go to Configure -> Features in the Management Console. 
2) Click 'Add Repository' 
3) Give a 'Name' like "Local FB Auth V2.4-P2Repo". 
4) Select 'Location' as "Url" and add the location [3] as the URL. 
6) Press 'Add' 
7) In the 'Available Features' tab select the newly added repository. 
8) Deselect 'Group features by category' and Press 'Find Features'. 
9) Select "Facebook-v2.4 Application Authenticator Server" and click Install and follow the installation wizard. 
10) Restart the server. 
11) In the Identity Provider UI (of the IdP you have already created) you will notice a new Federated Authenticator named "Facebook-v2.4 Configuration" is added. Enable it and select it as the Default. Disable the existing Facebook Authenticator. 
12) Enter Facebook application 'Client Secret', 'Client Id' and set the "User Identifier Field" value to "id". Then retry the Identity Federation scenario again. Here by using the "User Identifier Field" you could configure the authenticator to use any of the available fields in the Graph API.

After configuring these please make sure you have enabled this new Facebook authenticator by enabling ticks for

Enable Specifies if custom authenticator is enabled for this Identity Provider
Default Specifies if custom authenticator is the default

Also go to your service providers and make sure they have correct IDP selected. Update your service providers and try out your scenarios.

Identity Server 5.1.0

For Identity Server 5.1.0 we have released a patch for this issue.

Identity Server 5.2.0 and Identity Server 5.3.0

From Identity Server 5.2.0 onwards we are shipping Facebook authenticator as a connector. You can see more Identity Server connectors from [5]. Connector is nothing much than an extension which resides inside Identity Servers dropins directory. You can find the dropins directory at <IS_HOME>/repository/components/dropins.

You need to update this connector to the latest version. Simply remove the existing facebook authenticator jar and add the latest extension which you can find in [4]. In order to do this you need to stop the Identity Server and then remove the existing jar inside dropings directory. Then you need to add the new jar downloaded from [5] and restart the server.



[3] [1]



One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.