View Source Assent.Strategy.Facebook (Assent v0.2.9)

Facebook OAuth 2.0 strategy.

The Facebook user endpoint does not provide data on email verification, email is considered unverified. More here:


  • :user_url_request_fields - The fields for the resource, defaults to email,name,first_name,last_name,middle_name,link

See Assent.Strategy.OAuth2 for more.


config = [
  client_id: "REPLACE_WITH_CLIENT_ID",
  client_secret: "REPLACE_WITH_CLIENT_SECRET",
  redirect_uri: "http://localhost:4000/auth/callback"

See Assent.Strategy.OAuth2 for more.


You can use the JS SDK instead of handling it through auhorize_url/2. All you have to do is to set up you HTML page with the following way:

<fb:login-button scope="[SCOPES]" onlogin="checkLoginState();">
<div id="status">

  function checkLoginState() {
    FB.getLoginStatus(function(response) {
      let signedRequest = response.authResponse.signedRequest
      let encodedPayload = atob(signedRequest.split('.')[1])
      let payload = JSON.parse(encodedPayload)

      window.location.href = '<%= @redirect_uri %>?&code=' + encodeURI(payload.code)

  window.fbAsyncInit = function() {
      appId   : '[CLIENT_ID]',
      cookie  : true, // required for server to pick up session
      version : 'v6.0',
      xfbml   : true
<script async defer src=""></script>

In the above, the signed request is decoded and the authorization code is fetched from it. The @redirect_uri is the callback URL.

You have to use an empty redirect_uri for the callback:

{:ok, %{user: user, token: token}} =
  |> Assent.Config.put(:redirect_uri, "")
  |> Assent.Strategy.Facebook.callback(params)