i recently started working on a project that it required a Facebook login button. I have successfully set up the button apart from the part where I must redirect the user to my dashboard area which must only be accessible to registered users.
From my understanding I need to fill this field here in the developers facebook settings page
which will redirect the user to my dashboard. I am guessing that the redirection link must include a token which will login the user automatically in my dashboard. Am I right so far? My concern is if that link can be accessed by anyone and if someone get their hands on it can use it to login to my app without registering.