0

I encounter a problem about to verify facebook user id and access token. In the app you need to register with facebook to get started. When an user get authenticated with facebook, we send the token and user_id to backend to insert into related table. But we have to know that the token belongs to the user. We saw a couple soution about it:

https://stackoverflow.com/a/8608017/1664109

And this

https://stackoverflow.com/a/20518868/1664109

So how to verify a token and user_id without send request to facebook ? Is there a way ?

Community
  • 1
  • 1
RockOnGom
  • 3,893
  • 6
  • 35
  • 53

2 Answers2

2

based on Facebook's documentation:

as Facebook makes changes to what is stored in them and how they are encoded.

I would say it's not possible to reliably "parse" a token.

avs099
  • 10,937
  • 6
  • 60
  • 110
1

Without sending a request to Facebook? No. But you can use the Access Token with a call to the /me endpoint. You will get the ID, and you can compare it to your stored one.

andyrandy
  • 72,880
  • 8
  • 113
  • 130