OAuth2 Facebook Login How To Assistance

@patrick, thank you. I have made that change and have encountered a new error.

When I go to the test page and click on the new button, it takes me to Facebook, I log in, and then the pop up with the permissions pops up. After confirming the permissions, it takes me back to my site, but this error occurs:


On refreshing the page, the redirect in the server action occurs, but the insert does not occur and I get a message that says Unauthorized.

Here is my server action:

In the OAuth2 Provider set the Token Handling to Self Maintain. Leave the Access Token and Refresh Token empty. This will force users to always login and not to reuse the access token.

@patrick Patrick, I made those changes with the same result.



Client Credentials must be checked

Ok, I think I have made progress, but I am stuck on the check for existing email part. No matter what I try, the check is not being honored and new users are being created when an existing user is in the database.

The query is:

I have tried as part of the condition using the following:


All of the above skips the Then portion of the condition and goes to the Else portion and inserts a new user.

What is baffling me is that the {{api_fb_login.data.email}} used for the check is also used as part of the insert statement and is inserting the email retrieved from Facebook, so the same value should be returned as part of the earlier check.

Ok, I fixed the condition not checking issue by turning off debug in the query that the condition was checking.

So it looks like the final issue with this portion of the process is to auto login the user.

What I have done with no success is in this thread, Register New User and Auto Login on Success.
I put the repeat in the Then statement (which activates when the user has already been inserted and is not a new user):

  1. Added a repeat to pull the information from the “check if user exists” query.
  2. Added my security provider in the steps
  3. Added a security login with the values (email and password - which is salted appropriately)
  4. Added a redirect

When I run it, I get unauthorized. The page being directed to is not enforced by the Security Provider Enforcer.

It might be that the redirected page does not has the session start.
Try adding this on the redirect page

if (session_status() == PHP_SESSION_NONE) {

It’s not reaching the redirect page, it is being stopped by the Security Login on the server side.

Do you have this somewrhere online? Is it possible to send a screenshot of the server action? Thank you

The redirect shouldn’t be on the server side action.
Do this.

  1. Save this action as a new one (so you have a back up)
  2. In this action remove the ‘redirect’ step
  3. From the Appconnect -> add the brwowser component
  4. On ‘AppConnect’ just add a success step for your ServerAction to browser go to ‘dashboard.php’.

Let me know if you need more details.

Thank you

1 Like

We’re not using a ServerAction for the link action. Please see above earlier in the thread.

How are handling the password generation and auto login?

I would suggest to add an extra column to your users table to store the unique Facebook userid and use that as password when doing a social login with server connect.

This way you can have the regular password field editable by the user for usage in regular logins. So you can offer both Facebook login or regular.

1 Like

Hi @George,

I have the password generation set up that way.

The auto login pulls the username (email) and password from the repeat.


Just wanted to check in and see if anyone would be able to help me out with the auto login process. I still have not been able to make it work. :frowning:

Hi Scott, what do you mean? What exactly happens and in which of the two cases - then/else?
I just tested this and it logs in and redirects perfectly fine.

Also why in the else and then steps you have repeat steps and some queryies and not just security provider + register/log in and redirect steps?

Your server action steps should just be:

@Teodor, in your setup, how do you define the values for the security login (username/password)? With the repeat, the values are able to be selected. Without the repeat, I am not able to select the values to be used.

Where do you select your values from?
They must come from your api action step…

This is what you use for logging users in.

@Teodor, thank you so much!

I figured out my error now by retracing my steps. I had a security restrict on my “is_user_logged_in” query and that is where the error was coming from. I feel so silly now… :frowning:

I had created the “is_user_logged_in” query a long time ago and included in my include header file which I rarely look at anymore.

There are many solutions in this thread so I am not sure which to mark as the best one. But I do want to thank everyone who provided assistance!

So, is everything working fine now?

I will make a tutorial out of the steps explained in this topic :slight_smile: will be useful for the other users wondering how to set up this in Wappler.