Facebook as Identity Provider: How to switch App to live mode (502 Error, missing state parameter)


I am currently trying to add a few identity providers to our keycloak instance. I connected Github, Google and Linkedin successfully.

Now I am trying to add Facebook. I created an App and configured the callback URL and added ID and Secret to Keycloak.

Now I want to switch the Facebook App to live mode, but it won’t let me, as the facebook broker endpoint returns a 502 error. I guess the crawler does not send the state parameter for the health check request. But I can’t put the app in live mode without a positive 2xx http response.

Did anyone else encounter this and can give a any advice on how to fix this?

Thank you so much in advance.

Kind regards,


1 Like

Yes, I’m having the same issue (Keycloak v23.0.6). I can’t see a way around this issue currently :frowning:

@ericstumper I have an update which I hope is useful. From what I can see the instructions for setting up the Facebook App are incorrect. I’ve had success with the following setup:

App Settings > Basic

App Domains: {keycloakDomain}

Site URL: https://{keycloakDomain}/auth/realms/{realmName}/

Note: The Site URL is NOT the Redirect URL from Keycloak as the instructions suggest it should be. That is configured below.

Facebook Login > Settings

Valid OAuth Redirect URIs: https://{keycloakDomain}/auth/realms/{realmName}/broker/facebook/endpoint/

Let me know if this works for you!