FBDevCLagos / hiddenwisdom-api


Add jwt #10

Closed oeyiowuawi closed 8 years ago

oeyiowuawi commented 8 years ago

Enables users to get authenticated, and users can log out.

0sc commented 8 years ago

We'll need to modify the request to Facebook a bit. The URL "https://graph.facebook.com/me" always returns the information belonging to the owner of the Facebook access token used. That means whoever registered for the access token being used by the app, not the users of the app.

To get it to work for any user, we use this URL: "https://graph.facebook.com/v2.6/[FACEBOOK ID]?fields=a,b,c&access_token=[ACCESS_TOKEN]". This implies that the frontend will send not only the access_token (because with this we can only get the info of whoever registered the app being used by the frontend) but also the user_id of the user that just authorized their app on Facebook.

This will also allow us to check our db first for the user before making a request to FB.
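
A sketch of the backend side of the flow described in the comment above, added here as an example and not code from this pull request or repository. It assumes Facebook ids are numeric strings, uses `id` and `name` in place of the `a,b,c` field placeholders, and takes a hypothetical `fetch(url)` HTTP helper and a `users` dict standing in for the database; this version confirms the id with Graph before it touches the local store.

```python
import json
from urllib.parse import urlencode

GRAPH_BASE = "https://graph.facebook.com/v2.6"  # version taken from the comment above


def graph_user_url(user_id, access_token, fields=("id", "name")):
    """Build the per-user Graph URL; the id goes into the path, so keep it to digits."""
    if not (user_id.isascii() and user_id.isdigit()):
        raise ValueError("user_id must be a numeric string")
    # urlencode escapes the token so it cannot add or override query parameters.
    query = urlencode({"fields": ",".join(fields), "access_token": access_token})
    return f"{GRAPH_BASE}/{user_id}?{query}"


def authenticate(user_id, access_token, fetch, users):
    """Return the local user record, or None if Graph does not confirm the id.

    fetch(url) -> (status, body) is a hypothetical HTTP helper (assumption);
    users is a dict standing in for the app's database, keyed by Facebook id.
    """
    status, body = fetch(graph_user_url(user_id, access_token))
    if status != 200:
        return None
    profile = json.loads(body)
    # The id the frontend sent must be the id Graph answered for.
    if profile.get("id") != user_id:
        return None
    # Reuse the stored record when there is one, otherwise create it.
    return users.setdefault(
        user_id, {"facebook_id": user_id, "name": profile.get("name")}
    )


def fake_fetch(url):
    """Constructed stand-in for the Graph API: knows one id/token pair."""
    if url == graph_user_url("1001", "token-for-1001"):
        return 200, json.dumps({"id": "1001", "name": "Ada"})
    return 400, json.dumps({"error": {"message": "constructed error"}})


if __name__ == "__main__":
    db = {}
    print(authenticate("1001", "token-for-1001", fake_fetch, db))
    print(authenticate("1002", "token-for-1001", fake_fetch, db))
```
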