Trouble validating a Facebook token

Question

I'm building a small Facebook login library for OS X. This isn't because there are no SDKs out there, but because I'd like something native to Cocoa that can encapsulate the login process. I'v successfully requested an access token from the Facebook login URL. I use this string format to perform the login:

https://www.facebook.com/dialog/oauth?client_id=%@&redirect_uri=%@&response_type=token

For the redirect_uri field I pass https://www.facebook.com/connect/login_success.html as per the Facebook documentation. I take whatever that response is and parse the URL. I'll either get a token or a failure. The token seems to come back okay. The trouble is in the next step.

Immediately after receiving my token, I attempt to validate it. I use the "debug" endpoint, like so:

https://graph.facebook.com/debug_token?input_token=%@&access_token=%@

I pass my new token as the input_token and this is where it gets sticky. I've tried passing my client token, but that causes the following error:

The operation couldn’t be completed. (Invalid OAuth access token. error 190.)`

If I pass my app ID | app secret, I get a different error:

The operation couldn’t be completed. ((#100) You must provide an app access token or a user access token that is an owner or developer of the app error 100.)

I'm not sure what's happening here, or what to do. Can anyone point me in the right direction?

Answer 1

The debug API is for if you want to do things as the app, not as the user. Once a user has logged in, all you need is their access token to get info about them, read their info, publish things (all of course assuming you have an access token with permissions to do what you're trying to do). So in your case, now that you have an access token, go ahead and try getting info about the user using

https://graph.facebook.com/me?access_token=%@

and you'll get back something like this:

{
   "id": "542440888",
   "name": "Max Rabin",
   "first_name": "Max",
   "last_name": "Rabin",
   "link": "https://www.facebook.com/MY_USER_NAME",
   "username": "MY_USER_NAME",
   "birthday": "11/22/YEAR",
   "hometown": {
      "id": "110970792260960",
      "name": "Los Angeles, California"
   },
   "location": {
      "id": "110970792260960",
      "name": "Los Angeles, California"
   },
   "bio": "There are 10 kinds of people in this world.\r\n01: Those who know trinary\r\n02: Those who don't\r\n10: Those who confuse it with binary",
   "gender": "male",
   "email": "MY_EMAIL",
   "timezone": 2,
   "locale": "en_US",
   "languages": [
      {
         "id": "106059522759137",
         "name": "English"
      }
   ],
   "verified": true,
   "updated_time": "2013-10-21T10:02:49+0000"
}