However, this requires that you know the app secret. I assume this isn’t shared for the Expo Facebook App that expo-facebook uses.
The expo api for expo-facebook mentions a signedRequest, but this isn’t actually provided and even if it was you’d still require the secret.
So how is one supposed know if the token is a valid one?
I tried looking into expo-app-auth as a way to use Facebook that would allow me to continue to use the expo client. But there doesn’t seem to be any working examples of that.
Hi @mblarsen
I’m not sure if the following topic explains what you mean.
If you want to verify the fbToken server side, you server should first (A) get an access token specifying appId and appSecret, then with the access_token received you can verify (B) the fb Token got from the logInWithReadPermissionsAsync in expo-facebook
When I try the A request (my data are removed for privacy)
Yeah, this is the approach that I link to in my question. Pretty straight forward¸however, the facebook is locked to the expo’s facebook app, not mine. So I don’t have the secret and therefore cannot use that solution.