Facebook Integration with Android

Question

For an application I'm working on, I'm trying to implement the facebook sdk to include the option for users to create an account and login, but I'm currently stuck trying to figure out how it's going to work. After the facebook dialog appears, and the user logs in, what information do I need to send to my server for this? The standard login consists of a username/password combination, but by generating a token with Facebook, that doesn't happen. My thought was, "just store the token facebook generates and send that to the server"... but what happens once that expires? How can the server be guaranteed that it's still the same user? So my question is, what data should be sent to my server to create a new account, and to log that user in again later?

Answer 1

From facebook developers page if you read the Refreshing Long-Lived Tokens says :

Even the long-lived access token will eventually expire. At any point, you can generate a new long-lived token by sending the person back to the login flow used by your web app - note that the person will not actually need to login again, they have already authorized your app, so they will immediately redirect back to your app from the login flow with a refreshed token - how this appears to the person will vary based on the type of login flow that you are using, for example if you are using the JavaScript SDK, this will take place in the background, if you are using a server-side flow, the browser will quickly redirect to the Login Dialog and then automatically and immediately back to your app again.

So, the procedure you have to follow seems to be something like :

1. User login first time -> you will receive the access token
2. Send the access token to your database and store it
3. Produce in your server your unique token and send it back to the user
4. Store the received token to the user's device
5. Let the expiration issues to the Facebook and just handle the case of the paragraph above