diff --git a/YYeTsFE b/YYeTsFE
index b0961e2..378c39e 160000
--- a/YYeTsFE
+++ b/YYeTsFE
@@ -1 +1 @@
-Subproject commit b0961e29865e2af251338039692142219dc630b9
+Subproject commit 378c39ee36be7fa5d37a4d610d7c9df954c66b57
diff --git a/yyetsweb/handler.py b/yyetsweb/handler.py
index f409abe..6469e0a 100644
--- a/yyetsweb/handler.py
+++ b/yyetsweb/handler.py
@@ -1029,8 +1029,12 @@ class OAuth2Handler(BaseHandler, OAuth2Mixin):
             args.update(extra_fields)
         return requests.post(self._OAUTH_ACCESS_TOKEN_URL, headers={"Accept": "application/json"}, data=args).json()
 
-    def oauth2_sync_request(self, access_token):
-        return requests.get(self._OAUTH_API_REQUEST_URL, headers={"Authorization": f"Bearer {access_token}"}).json()
+    def oauth2_sync_request(self, access_token, extra_fields=None):
+        return requests.get(
+            self._OAUTH_API_REQUEST_URL,
+            headers={"Authorization": f"Bearer {access_token}"},
+            params=extra_fields
+        ).json()
 
     def get_secret(self, settings_key):
         settings = self.settings.get(settings_key)
@@ -1117,3 +1121,28 @@ class TwitterOAuth2LoginHandler(TwitterMixin, OAuth2Handler):
             self.add_oauth_user(username, "Twitter")
         else:
             await self.authorize_redirect(extra_params={"x_auth_access_type": "read"})
+
+
+class FacebookAuth2LoginHandler(OAuth2Handler):
+    _OAUTH_AUTHORIZE_URL = "https://www.facebook.com/v16.0/dialog/oauth"
+    _OAUTH_ACCESS_TOKEN_URL = "https://graph.facebook.com/oauth/access_token"
+    _OAUTH_API_REQUEST_URL = "https://graph.facebook.com/me"
+
+    def get(self):
+        client_id, client_secret, redirect_uri = self.get_secret("fb_oauth")
+        code = self.get_argument('code', None)
+        if code:
+            access = self.get_authenticated_user(
+                client_id, client_secret, code,
+                {"redirect_uri": redirect_uri}
+            )
+            resp = self.oauth2_sync_request(access["access_token"], {"fields": "email"})
+            email = resp["email"]
+            self.add_oauth_user(email, "Facebook")
+
+        else:
+            self.authorize_redirect(
+                redirect_uri=redirect_uri,
+                client_id=client_id,
+            )
+
diff --git a/yyetsweb/server.py b/yyetsweb/server.py
index eb08fbe..4f47103 100644
--- a/yyetsweb/server.py
+++ b/yyetsweb/server.py
@@ -21,19 +21,20 @@ from tornado import httpserver, ioloop, options, web
 from tornado.log import enable_pretty_logging
 
 import dump_db
-from Mongo import OtherMongoResource, ResourceLatestMongoResource
 from handler import (AnnouncementHandler, BlacklistHandler, CaptchaHandler,
                      CategoryHandler, CommentChildHandler, CommentHandler,
                      CommentNewestHandler, CommentReactionHandler,
                      DBDumpHandler, DoubanHandler, DoubanReportHandler,
-                     GitHubOAuth2LoginHandler, GoogleOAuth2LoginHandler,
-                     GrafanaIndexHandler, GrafanaQueryHandler,
-                     GrafanaSearchHandler, IndexHandler, LikeHandler,
-                     MetricsHandler, MSOAuth2LoginHandler, NameHandler,
-                     NotFoundHandler, NotificationHandler, ResourceHandler,
-                     ResourceLatestHandler, SpamProcessHandler, TopHandler,
-                     TwitterOAuth2LoginHandler, UserEmailHandler, UserHandler)
+                     FacebookAuth2LoginHandler, GitHubOAuth2LoginHandler,
+                     GoogleOAuth2LoginHandler, GrafanaIndexHandler,
+                     GrafanaQueryHandler, GrafanaSearchHandler, IndexHandler,
+                     LikeHandler, MetricsHandler, MSOAuth2LoginHandler,
+                     NameHandler, NotFoundHandler, NotificationHandler,
+                     ResourceHandler, ResourceLatestHandler,
+                     SpamProcessHandler, TopHandler, TwitterOAuth2LoginHandler,
+                     UserEmailHandler, UserHandler)
 from migration.douban_sync import sync_douban
+from Mongo import OtherMongoResource, ResourceLatestMongoResource
 from utils import Cloudflare
 
 enable_pretty_logging()
@@ -74,6 +75,7 @@ class RunServer:
         (r'/auth/google', GoogleOAuth2LoginHandler),
         (r'/auth/twitter', TwitterOAuth2LoginHandler),
         (r'/auth/microsoft', MSOAuth2LoginHandler),
+        (r'/auth/facebook', FacebookAuth2LoginHandler),
 
         (r'/(.*\.html|.*\.js|.*\.css|.*\.png|.*\.jpg|.*\.ico|.*\.gif|.*\.woff2|.*\.gz|.*\.zip|'
          r'.*\.svg|.*\.json|.*\.txt)',
@@ -87,6 +89,7 @@ class RunServer:
         "google_oauth": {"key": os.getenv("GOOGLE_CLIENT_ID"), "secret": os.getenv("GOOGLE_CLIENT_SECRET")},
         "github_oauth": {"key": os.getenv("GITHUB_CLIENT_ID"), "secret": os.getenv("GITHUB_CLIENT_SECRET")},
         "ms_oauth": {"key": os.getenv("MS_CLIENT_ID"), "secret": os.getenv("MS_CLIENT_SECRET")},
+        "fb_oauth": {"key": os.getenv("FB_CLIENT_ID"), "secret": os.getenv("FB_CLIENT_SECRET")},
         "twitter_consumer_key": os.getenv("TWITTER_CONSUMER_KEY"),
         "twitter_consumer_secret": os.getenv("TWITTER_CONSUMER_SECRET"),
     }