0

I have an iOS application that allows users to login with Facebook (via the Facebook Swift SDK). This returns the an access token for the user, which is specific to that app.

The user's facebook access token is passed to my NodeJS API where its authenticity needs to be checked. How can I do this? Basically, I need to check that Facebook has given the user this access token specifically for use with my app.

Once this is done, I will just use my API's standard JWT access and refresh tokens to authenticate future requests.

F.Brown
  • 45
  • 2
  • 6

1 Answers1

0

You can use the Debug Token endpoint within the facebook api, which provides if the token is still valid and which application the token is valid for.

Showard180
  • 405
  • 6
  • 6
  • Thanks for such a quick response! One last thing, if I wanted to now fetch the user's email from FB Graph API, how can I do so without using OAuth2? – F.Brown Jul 11 '18 at 16:39
  • Found it: https://graph.facebook.com/me?fields=email&access_token=${users_access_token} – F.Brown Jul 11 '18 at 16:55
  • Turns out this is incorrect, it only checks API access tokens, not user access tokens. This error is returned when I attempt to validate a user access token: `data: {"error":{"message":"(#100) You must provide an app access token or a user access token that is an owner or developer of the app","type":"OAuthException","code":100,"fbtrace_id":"UVITY72huefr"}}` – F.Brown Jul 13 '18 at 07:08