How to request additional claims with Facebook authentication

Question

I have created a new ASP.net Core 3.0 website, with individual user authentication from the .net project template.

I am storing users by registering directly on the site or using facebook. Here's what my Startup.cs looks like:

public void ConfigureServices(IServiceCollection services)
{
     services.Configure<CookiePolicyOptions>(options => {
           // This determines user consent for non-essential cookies is needed for a given request.
           options.CheckConsentNeeded = context => true;
           options.MinimumSameSitePolicy = SameSiteMode.None;
      });

      services.AddDbContext<ApplicationDbContext>(options => {
           options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection"));
      });

      services.AddAuthentication()
           //.AddMicrosoftAccount(microsoftOptions => {  })
           //.AddGoogle(googleOptions => {  })
           //.AddTwitter(twitterOptions => {  })
           .AddFacebook(facebookOptions =>
           {
               facebookOptions.AppId = "x";
               facebookOptions.AppSecret = "y";
           });

    ...
}

This all works fine and using the default template I can Register/Login as expected.

When I login via Facebook, I'm given five default pieces of claims information about the user:

name identifier
email address
given name
name
surname

What I need to do is extend the code so it does more than the default and gives me access to the users:

phone number
address
postcode

(Obviously with the users consent)

I've been reading the documentation (https://docs.microsoft.com/en-us/aspnet/core/security/authentication/social/facebook-logins?view=aspnetcore-3.1) but it seems to be more about configuring the authentication provider than additional claims info.

Has anyone done this? Maybe it's not possible?

Thanks for any pointers in advance.

Is it not `facebookOptions.Scope`? Though [this answer](https://stackoverflow.com/a/47901211/3181933) suggests that you can't get phone number. Not sure about address and post code. — Llama, Jan 17 '20 at 00:40

Anuraj · Accepted Answer · 2020-01-17T09:01:27.617

2

From: Persist additional claims and tokens from external providers in ASP.NET Core - If the app requires additional scopes, add them to the options. For example, in Facebook, you can add scopes like this.

services.AddAuthentication().AddFacebook(facebookOptions =>
{
    facebookOptions.AppId = "4387237897237";
    facebookOptions.AppSecret = "23498423808320849082308";
    facebookOptions.Scope.Add("email");
    facebookOptions.Scope.Add("user_location");
    facebookOptions.Scope.Add("user_birthday");
});

Which will show details like this - login screen more details.

edited Jan 17 '20 at 09:01

answered Jan 17 '20 at 04:52

Anuraj

16,332
6
48
71

I think this is almost what I need. What would the equivalent of this be for the facebook api? I'd like to request the `user_location` claim, for example, mentioned in the api reference (https://developers.facebook.com/docs/facebook-login/permissions). What would the schema be when adding the scope for it? Thanks! – Rob McCabe Jan 17 '20 at 07:25
1

Updated the answer with Facebook-specific permissions. – Anuraj Jan 17 '20 at 09:01

How to request additional claims with Facebook authentication

1 Answers1