I am creating an Android application for a website that uses an FB connection to associate its user data with FB user data by FB ID. When I allow the user to log in through the Android Android SDK, I get an access token for which I can request data on behalf of the user. I would like to send an access token to the server and ask the server to request a user ID to create a local session and send me user data specific to this website. Does Facebook provide an access token in this way (authenticate from the device and then request data from a server with the same token)? An alternative is to use the SDK on the device to retrieve the FB user ID and then transfer it to the server, but I believe it is not very safe to only allow the session to be created with the FB user ID. That would be easy to bring to life.
What is the typical scenario for this use case (log in via the Facebook SDK to create a session in your own web application where user data is already connected)?
source share