
Facebook user access token across different platforms

I was wondering if user access tokens that are received through one platform can be used to access and make Facebook calls through another.

For example:

I have a mobile app and a web server that work together. A user signs in through Facebook on the mobile app (through single-sign-on). The user then uses the mobile app in a way that an internal service requires that an external service call to Facebook is necessary. The internal service relays this to the web server, and the web server makes the actual call to Facebook.

Work flow:

  • User signs into mobile app

  • Mobile app sends user access token + service call needed to web server

  • Web server makes external call to Facebook and returns information to mobile app.

So in short, the mobile app is not making the Facebook calls, but the web server is.

My question is that if I authenticate a user through the mobile app, can I pass (and store) the user's access token and use that to make calls to Facebook through the web server?

ormble asked Aug 20 '12 19:08



1 Answer

The answer is yes.

I've done this successfully with mobile SDKs (Android & iOS) using the Facebook authentication to obtain an access token, then passing this access token to a PHP web application which successfully uses it with the PHP SDK client library.

The access token is also the only piece of information that needs to be transmitted.

As long as the application key and secret are the same on both clients, an access token should be valid on either.

Tharsan answered Oct 14 '22 13:10
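An added example, not part of the original answer: because the web server accepts a token handed over by the mobile client, it can confirm with the Graph API `debug_token` endpoint that the token was issued to its own app and to the user the client claims before using or storing it. The function names, the `required_scopes` parameter and the sample values are assumptions made for illustration.

```python
import json
import urllib.parse
import urllib.request

DEBUG_URL = "https://graph.facebook.com/debug_token"


def fetch_token_info(user_token, app_id, app_secret):
    """Ask the Graph API debug_token endpoint what this token really is."""
    query = urllib.parse.urlencode({
        "input_token": user_token,                 # token sent by the mobile app
        "access_token": f"{app_id}|{app_secret}",  # app access token
    })
    with urllib.request.urlopen(f"{DEBUG_URL}?{query}", timeout=10) as resp:
        return json.load(resp).get("data", {})


def check_token_info(info, app_id, claimed_user_id, required_scopes=()):
    """Return (ok, reason) for the 'data' object of a debug_token response."""
    if not info.get("is_valid"):
        return False, "token is invalid or expired"
    # Reject tokens minted for some other app that merely look well-formed.
    if str(info.get("app_id")) != str(app_id):
        return False, "token was issued to a different app"
    # Never trust a user id sent alongside the token; compare with Facebook's.
    if str(info.get("user_id")) != str(claimed_user_id):
        return False, "token belongs to a different user"
    missing = sorted(set(required_scopes) - set(info.get("scopes", [])))
    if missing:
        return False, "missing permissions: " + ", ".join(missing)
    return True, "ok"


# Constructed sample of a debug_token 'data' object (placeholder values).
SAMPLE_INFO = {
    "app_id": "1111", "type": "USER", "is_valid": True,
    "user_id": "42", "scopes": ["email", "public_profile"],
}

if __name__ == "__main__":
    print(check_token_info(SAMPLE_INFO, "1111", "42", ["email"]))
    print(check_token_info(SAMPLE_INFO, "2222", "42"))
```

In the server's request handler, `fetch_token_info` would be called once per received token and its result passed to `check_token_info`; the app secret stays on the server and is never shipped in the mobile app.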