-1

I'm building an app that allows users to sign up with Facebook login. Facebook login gives us an expiring access token.

So far I've thought through having the phone app collect the Facebook access token itself and it should POST it to the API. The API can search to see if it's seen this token before, and if it hasn't, the API should generate a new user account.

However, the Facebook docs mention that this token expires. If a user's token expires and they provide a new token to my API, the API will generate a new account for the existing user. How should I solve this?

Harry Moreno

1 Answer

0

Use the access token to access https://graph.facebook.com/me?fields=id, which will give you the user's unique ID for your application. Use that as the primary key.

You can try this out with the graph explorer tool https://developers.facebook.com/tools/explorer/

You'll get a response like:

{
  "id": "10123455041265200"
}

Docs: https://developers.facebook.com/docs/graph-api/reference/user/

Harry Moreno
ceejayoz
  • @HarryMoreno That would be silly when an ID is already available and perfect for this. Some FB users don't have an email (you can sign up with phone number instead) and some people change their emails frequently. All users have an ID, it never changes for that user, and it's made exactly for identifying a user. – ceejayoz Sep 11 '18 at 18:50
  • For logging in, the app should get the token, request the fb userId and query my API to see if there is already a user with this userId. If not, show the user another form to finish signup. If userId is already in our API, send back an auth token for the app to store. – Harry Moreno Sep 18 '18 at 19:36
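
The flow from the answer above, as an added example that is not code from the original posts: the server resolves each submitted token to the user's ID through `/me?fields=id` and keys the account on that ID, so a fresh token after expiry maps to the existing row. The function names, the SQLite table and the `fake_graph_get` stand-in for the Graph API are assumptions made for illustration.

```python
import json
import sqlite3
import urllib.error
import urllib.parse
import urllib.request

GRAPH_ME = "https://graph.facebook.com/me"  # endpoint named in the answer

def _http_get(url):
    """Real network call; replaced by a stand-in below so the example runs offline."""
    with urllib.request.urlopen(url, timeout=5) as resp:
        return json.load(resp)

def fetch_facebook_id(access_token, http_get=_http_get):
    """Return the user's ID for this token, or None if the lookup fails."""
    query = urllib.parse.urlencode({"fields": "id", "access_token": access_token})
    try:
        body = http_get(GRAPH_ME + "?" + query)
    except (urllib.error.URLError, ValueError):  # HTTP error or malformed JSON
        return None
    return body.get("id") if isinstance(body, dict) else None

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (facebook_id TEXT PRIMARY KEY)")  # hypothetical schema
    return db

def login(db, access_token, http_get=_http_get):
    """Return (facebook_id, created). The token itself is never stored or used as a key."""
    fb_id = fetch_facebook_id(access_token, http_get)
    if fb_id is None:
        raise PermissionError("token rejected by Graph API")
    cur = db.execute("INSERT OR IGNORE INTO users (facebook_id) VALUES (?)", (fb_id,))
    db.commit()
    return fb_id, cur.rowcount == 1  # rowcount is 0 when the ID already existed

# Constructed sample data: two different tokens issued to the same user.
FAKE_TOKENS = {"token-old": "10123455041265200", "token-new": "10123455041265200"}

def fake_graph_get(url):
    token = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)["access_token"][0]
    if token not in FAKE_TOKENS:
        raise urllib.error.URLError("invalid token")
    return {"id": FAKE_TOKENS[token]}

if __name__ == "__main__":
    db = open_db()
    print(login(db, "token-old", fake_graph_get))  # first login creates the account
    print(login(db, "token-new", fake_graph_get))  # new token, same account
```

A server that accepts tokens from clients would normally also confirm that the token was issued for its own app, which the Graph API exposes through its `debug_token` endpoint, before trusting the returned ID.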