I’m writing an Android app that I would like to authenticate with Facebook, and then contact my own web server after a session has been established with Facebook. My web server communicates with the Android app via JSON only, so I can’t redirect the web page to get the user to log in.
I can send the access token and user ID from Facebook to the web server, but I need a way of validating the input.
I’ve looked at some other threads (namely this and this), and it looks like there are multiple ways to communicate a user’s login status to a remote web server.
Which method here is standard? Are there any trade-offs I should be aware of?
1. $Facebook->getUser() will give me the ID of the user that is currently requesting the page (does this work if the web page isn’t authenticated, but the mobile app is?)
2. $Facebook->getAccessToken() will give me the session key of the logged in user (same question as in 1)
3. $Facebook->api('/me') will not return null as long as someone is logged in
Just send the access token over an HTTPS connection to your server, and you can validate it with a call to /me and /app to verify that the app and user ID both match what you expect.
See also the Access Token debug endpoint: https://developers.facebook.com/docs/howtos/login/debugging-access-tokens/
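The check described in the answer above, as an added server-side sketch in Python (not code from the original thread or from Facebook's SDK). `EXPECTED_APP_ID` is a placeholder, and `graph_get` and `verify_facebook_login` are hypothetical names; the fetcher is injectable so the demo at the bottom runs offline on constructed responses.

```python
import json
import urllib.parse
import urllib.request

GRAPH = "https://graph.facebook.com"
EXPECTED_APP_ID = "000000000000000"  # placeholder: replace with your own app ID


def graph_get(path, access_token):
    """Fetch a Graph API node using the client's token; None on any failure."""
    query = urllib.parse.urlencode({"access_token": access_token})
    try:
        with urllib.request.urlopen(f"{GRAPH}{path}?{query}", timeout=5) as resp:
            return json.load(resp)
    except (OSError, ValueError):  # HTTP error, network failure, or bad JSON
        return None


def verify_facebook_login(access_token, claimed_user_id, fetch=graph_get):
    """Return the verified Facebook user ID, or None if the token is rejected."""
    app = fetch("/app", access_token)
    me = fetch("/me", access_token)
    for node in (app, me):
        if not isinstance(node, dict) or "error" in node or "id" not in node:
            return None
    # The token must have been issued to our app. A valid token the user
    # granted to some other app would still pass the /me check on its own.
    if str(app["id"]) != EXPECTED_APP_ID:
        return None
    # The user ID sent by the mobile client is only a claim; it must match
    # the ID Facebook reports for this token.
    if str(me["id"]) != str(claimed_user_id):
        return None
    return str(me["id"])


if __name__ == "__main__":
    # Constructed responses standing in for the Graph API (offline demo).
    def fake_fetch(path, token):
        if path == "/app":
            return {"id": "999999999999999"}  # token issued to a different app
        return {"id": "1234"}

    print(verify_facebook_login("constructed-token", "1234", fetch=fake_fetch))
```

Key the server-side session on the returned ID rather than on the value the client submitted.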