Open SamJWeissman opened 6 years ago
@SamJWeissman What you do with the access token depends on the needs of your Client/API. If the sole purpose is to use Facebook as a quick means of verifying user identities, then storing the tokens is not necessary. But, If your application required further interactivity with Facebook (posting on users wall, fetching extra profile data) then you'll need to store their access token for making future request to Facebook's API.
@cryptojuice
Awesome! Thank you for the details, appreciate your help!
You only stated the use of accessToken
.
What about the use of refreshToken
?
This may be a stupid question but since I haven't found any solid explanations on Google just yet figured I'd ask.
What am I supposed to do with accessToken and refreshToken?
I am able to login the user via Facebook using the Facebook strategy and example routes. However, I didn't use either token and did not persist either token to my database. Are they just being used behind the scenes or should I be doing something with them?
Thank you in advance!