Long story short…
It seems that Bitwarden sends the OIDC scope “profile”, which is not supported by Facebook. It seems that Facebook uses the scope “user_profile”.
Long story full…
Facebook is using its non-standard, OIDC-like Facebook Connect. But they also introduced Limited Login, which wraps a standard OpenID Connect token. So, the OIDC well-known configuration is also available: h-t-t-p-s://www.facebook.com/.well-known/openid-configuration
Here is how to get OIDC credentials for Facebook:
1] Create the Facebook App
h-t-t-p-s://plugins.miniorange.com/oauth-openid-login-using-facebook
Do not forget to switch the created App from Developer state to Live state (Public state), otherwise you will receive error 500.
see PICTURE-1
2] Configure Bitwarden
h-t-t-p-s://bitwarden.com/help/article/configure-sso-oidc/
see PICTURE-2
Do not forget to set up your Organization Identifier.
But it will fail during the test because Bitwarden sends the OIDC scope profile to Facebook:
see PICTURE-3
If you catch the Bitwarden URL call and change the OIDC scope from profile to user_profile, you will pass the Facebook login, but it will fail in Bitwarden after the callback.
h-t-t-p-s://sso.bitwarden.com/connect/authorize?client_id=oidc-identity&redirect_uri=https%3A%2F%2Fidentity.bitwarden.com%2Fsignin-oidc&response_type=code&scope=openid%20user_profile&code_challenge…
see PICTURE-4
Pictures:
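
A pre-flight check for the scope mismatch described in this post, as an added example that is not part of the original post and not Bitwarden's code: it compares the `scope` parameter of an authorization URL with the `scopes_supported` list of an OIDC discovery document. The discovery document, the URL and the function names are constructed for illustration; the real document would come from the provider's `.well-known/openid-configuration`.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed discovery document: issuer and scope list are sample values,
# not a copy of any provider's real metadata.
SAMPLE_DISCOVERY = json.loads("""
{
  "issuer": "https://idp.example",
  "authorization_endpoint": "https://idp.example/authorize",
  "scopes_supported": ["openid", "user_profile", "email"]
}
""")

# Constructed authorization request of the kind an SSO client would send.
SAMPLE_AUTHORIZE_URL = (
    "https://idp.example/authorize?client_id=sample-client"
    "&redirect_uri=https%3A%2F%2Frp.example%2Fsignin-oidc"
    "&response_type=code&scope=openid%20profile"
)


def requested_scopes(authorize_url):
    """Return the space-delimited scope values from an authorization URL."""
    query = parse_qs(urlsplit(authorize_url).query)
    values = query.get("scope", [])
    if len(values) != 1:
        raise ValueError("expected exactly one scope parameter")
    return values[0].split()


def check_scopes(authorize_url, discovery):
    """Sort requested scopes into supported, unsupported and unknown."""
    scopes = requested_scopes(authorize_url)
    if "openid" not in scopes:
        raise ValueError("not an OIDC request: 'openid' scope missing")
    advertised = discovery.get("scopes_supported")
    if advertised is None:
        # scopes_supported is optional metadata; its absence proves nothing.
        return {"supported": [], "unsupported": [], "unknown": scopes}
    return {
        "supported": [s for s in scopes if s in advertised],
        "unsupported": [s for s in scopes if s not in advertised],
        "unknown": [],
    }


if __name__ == "__main__":
    print(check_scopes(SAMPLE_AUTHORIZE_URL, SAMPLE_DISCOVERY))
```

A provider may accept scopes it does not advertise, so an entry under `unsupported` is a lead to verify against the provider's documentation rather than proof of rejection.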