Verify oauth.io facebook access token

Question

I am using oauth.io to handle authentication in an Android app. I login using the service and then pass the access token to the server. As part of the server-side verification, I make a call to https://graph.facebook.com/debug_token?input_token={user access token}&access_token={app token}. I was receiving a response with the error message "(#100) The App_id in the input_token did not match the Viewing App".

I took this to mean that the app that generated the access token was not the same as the app that owns the app token I was sending in the request. Upon further inspection, I noticed that when I debugged the token with Facebook's tool (https://developers.facebook.com/tools/debug/accesstoken) I was seeing a different app id that belonged to oauth.io itself instead of my app. Since the app token is based on the app id and app secret, it obviously would not be correct if it was expecting oauth.io's app token.

Is there any way to continue using the debug_token endpoint through Facebook with a token generated by oauth.io?

Answer 1

Sorry this is a bit late - but it may still help you :) I had the same issue. In my perl code, I just did:

    use LWP::Simple;
    my $check_session_first = LWP::Simple::get("https://graph.facebook.com/me?access_token=$in->{token}");

    if (!$check_session_first) {
        print $IN->header;
        print Links::SiteHTML::display('error', { error => qq|Sorry, we couldn't log you in. |});
        return;
    }

Basically, if $check_session_first is empty, then it means the session isn't valid. If its valid, it'll return a JSON object (which in my case, I process using the "JSON" perl module)