This tutorial demonstrates how to add user login to an Android application using native Facebook Login. We recommend that you log in to follow this quickstart with examples configured for your account.
1

System requirements

  • Android Studio 3.6.1
  • Android SDK 25
  • Emulator - Nexus 5X - Android 6.0
This tutorial describes how to implement login with the Facebook SDK.​
2

Before You Start

Configure your Auth0 application in the dashboard to use Facebook Native Sign In. See Add Facebook Login to Native Apps. When you finish this step, your application will be able to implement Facebook Native Login.
3

Request Facebook permissions

Your application is already able to sign in with Facebook. However, to ensure you have a rich user profile, you need to update the permissions with which the Facebook Login Button was set up.Set the requested permissions to public_profile and email. This way, the user email will also be included as part of the response, provided the access request is accepted by the user.
loginButton.setPermissions(Arrays.asList("public_profile", "email"));
4

Create performLogin method

Now, to kick off the authentication process with Auth0, create a new method in which you will prepare the payload to be sent.You will make use of a small interface to handle our internal callbacks.In the sample, the method was named performLogin and the interface SimpleCallback. Go ahead and add both.
5

Call performLogin method

Now, call the method from the Facebook login callback’s onSuccess method.
6

Integrate Facebook

When you sign in with Facebook at Auth0, the backend will perform some checks in the background to ensure the user is who they say they are. To achieve this, it needs to be provided with a Session Access Token.Furthermore, if a user needs to be created on Auth0 to represent this Facebook user, the backend will require some of their information, such as their name, last name, and email. The email, if provided, will be flagged as non-verified on the Auth0 user profile.To obtain the Session Access Token and the user profile, two additional requests need to be made against the Facebook API.
7

Fetch Facebook session Access Token

Make a new GET request against the Facebook API’s /oauth/access_token endpoint. Use the following query parameters:
  • grant_type: fb_attenuate_token.
  • fb_exchange_token: the access token received upon login.
  • client_id: your App ID. This value comes from the Facebook Developer’s dashboard and should already be in use in your application if you have integrated Facebook Login successfully.
Put the logic from this step in its own method. You will be calling it later from the previously-added method.The sample uses the Facebook SDK’s GraphRequest class to perform this request.
8

Fetch Facebook user profile

Now make another GET request, just like in the step above. The endpoint path will be the User ID value from the Facebook login result (for example, /904636746222815). Use the following parameters:
  • access_token: the access token received upon login.
  • fields: the fields from the user profile that you’d like to get back in the response. These are directly tied to the Facebook Login Button permissions that were configured at the beginning. When a permission is optional, the user must first consent to give access to it. For the purpose of signing up a user at Auth0, their full name and email will suffice.
9

Integrate Auth0

Now that the required artifacts have been obtained, you are ready to trade them for Auth0 user credentials, such as the ID and Access Tokens. But first, you must set up the Auth0 SDK to make that last request.

Get your application keys

  1. Go to the Applications section of the Auth0 Dashboard and select the existing application in which you enabled Sign in with Facebook. If you need help with this step, please check the requirements section at the top of this article.
  2. Copy the Domain and Client ID values from the application settings page. These are required by the SDK.
  3. Create two new resources in your Android application’s strings.xml file to store them. The name of the keys must match the ones used below:
<resources>

      <string name="com_auth0_domain">dev-gja8kxz4ndtex3rq.us.auth0.com</string>

      <string name="com_auth0_client_id">mz9iNEIo2PHu7oeh8QRt19ndTyyCIgai</string>

</resources>

Install the Auth0 SDK

In your Android application, add this line to the app/build.gradle file:
dependencies {
      implementation 'com.auth0.android:auth0:1.+'
}
Now is time to run the Gradle Sync task to refresh the project and its dependencies.

Update manifest for web authentication

If your application does not plan to make use of the Web Authentication module provided by the SDK, you will need to remove the unused activity from the AndroidManifest.xml file to prevent Manifest Placeholder issues. This can be achieved by adding an activity declaration and annotating it with tools:node=“remove”.
<application>
<!-- Add the activity declaration line below -->
<activity
android:name="com.auth0.android.provider.AuthenticationActivity"
tools:node="remove" />
</application>
However, if you do plan to support Web Authentication, head over here to learn how to declare the Manifest Placeholders.
10

Exchange the received data for Auth0 tokens

The SDK must be instantiated before use. Define a field at the class level and initialize it on the onCreate method. Note how the credentials defined in the step above are passed to the Auth0 constructor and then a new instance of the AuthenticationAPIClient is created with it.
private AuthenticationAPIClient auth0Client;
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);



setContentView(R.layout.activity_login);



Auth0 account = new Auth0(getString(R.string.com_auth0_client_id), getString(R.string.com_auth0_domain));

auth0Client = new AuthenticationAPIClient(account);



//...

}
Create the method that will hold the logic to exchange the two obtained artifacts for Auth0 user credentials. In the sample, this method is named exchangeTokens.The API client declares the method loginWithNativeSocialToken that receives a token and a subject type. The former corresponds to the session token, and the latter indicates what type of connection the backend will attempt to authenticate with.For native Facebook Login, you will use the following value: "http://auth0.com/oauth/token-type/facebook-info-session-access-token"Other values that need to be configured are the user profile (using the user_profile key) and the scope you request the Auth0 tokens contain.
It’s a good practice to keep all the values that you know won’t change as constants at the top of the class. The sample makes use of constants for the subject token type, the Facebook permissions, and the Auth0 scopes. You can read more about Auth0 scopes in the dedicated article.
11

Update performLogin method

Now that every step is defined in its own method, it’s time to put everything together inside the performLogin method.If everything went well, you should now be able to authenticate natively with the Facebook Login SDK. This means that if the Facebook app is installed on the device, the authentication will be handled via the application and not a browser app.