Based on my understanding of Facebook's implementation of OAuth 2.0 it is possible to obtain a short term client token without making use of the Facebook App Secret. (You are able to do so by only using the App ID and by redirecting to URL on an App Domain that you own.) However, from what I can tell, this strategy doesn't support validation with this use case. Does this strategy support this use case? In principle, is it possible to add this use case to this strategy?
Based on my understanding of Facebook's implementation of OAuth 2.0 it is possible to obtain a short term client token without making use of the Facebook App Secret. (You are able to do so by only using the App ID and by redirecting to URL on an App Domain that you own.) However, from what I can tell, this strategy doesn't support validation with this use case. Does this strategy support this use case? In principle, is it possible to add this use case to this strategy?