Exchange Facebook Access Token with A JWT from my Backend

Question

I'm developing an Android mobile app. I have successfully implemented Facebook Login as instructed here.

After the user successfully logs in using Facebook, I'd like to send the Facebook access token to my back-end, which will respond with a JWT, that can be used by the mobile app to call my back-end API endpoints. Then I have to manage the life-cycle of the JWT in the mobile app (validity and expiration date).

I will implement other ways of login (Gmail and Whatsapp). It's better for my backend to exchange valid access tokens with its own JWT, and then other endpoints don't have to bother supporting several access token types.

Questions:

• Is this a feasible way of implementing things?
• If so, please guide me on how to send the access token to my backend, and how to manage the life-cycle of the JWT. Are there libraries that can help achieving these tasks?

For my backend, I'm in full control of things. For Android, this is my first serious Android app.

Thanks in advance

Answer 1

Here is an answer to my question. I need to learn how to get the access token, how to make an HTTP request, how to store the JWT securely.

• To get FB access token and its changes, AccessTokenTracker can be used.
• How to securely store access token and secret in Android?
• To make HTTP requests, Volley is an HTTP library that makes networking for Android apps easier and most importantly, faster.

I'll update the question later.