Login with Facebook without email address

Hi everyone,

We’re using Okta as the auth provider for our app, and are using Facebook as one of the identity providers, so users can login using their FB accounts. We’ve recently hit a snag: Okta seems to require FB to provide the user’s email address, but that is not a sure thing - for example, users can opt out of sharing their email addresses with Okta.

When this happens, the login process fails with something like:

Unable to process the username transform. A required property is missing. Missing field: ‘email’.

I can’t seem to find any docs describing how Okta can be configured to handle this - for example, by re-prompting for the info, or by generating a fake email address.

I was wondering if anyone out there had experienced the same issue, and how you tackled it.

Thanks

Hi @tiagojsag! You are right Okta requires the email address for the following purpose:

By default, Okta requires the email attribute for a user. The email scope is required to create and link the user to Okta’s Universal Directory.

https://developer.okta.com/docs/guides/add-an-external-idp/facebook/configure-idp-in-okta/

I don’t see a current way around this other than to let users know to share their email. I would also encourage you to create a feature request on our Ideas portal to let our product team know about this option on FB’s end - ideas.okta.com.