The authorization section of this page developers.facebook.com / docs / api contains a good description of how to perform authentication for a user against my Facebook app. However, in my scenario I cannot get it to work the way I want. Here is how it is supposed to work:
User comes to my login page and clicks a "Sign in with Facebook" link.
User gets redirected to graph.facebook.com / oauth /authorize?[some params] and authorizes my Facebook app to access his/her data. Facebook redirects back to my site.
My site checks the Code parameter, calls Facebook to replace it for an access token, and then lets the user connect his/her account on my site with the account on Facebook. The access token is saved on the user account on my site.
The next time the user arrives at my site and wants to log in, he/she should be able to click the same "Sign in with Facebook" link and directly get signed in with the site account (assuming he/she is still logged into Facebook).
Problem: Each time the code (from graph.facebook.com / oauth/authorize) is replaced for an access token, the token is changed. Since that token is used to look up the user in my site database, the matching fails.
My question is now: How do I solve this problem? Can the Code parameter from graph.facebook.com /oauth/authorize be saved and used over and over again to look up the user? Or is there another way to do this? I really would prefer NOT using the Javascript API since it gives me lots of other troubles.
[Sorry about the links, I am a new user and not allowed to post more than one link]
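
The mismatch described in the question, as an added example that is not part of the original post: a constructed stand-in for the provider (`FakeProvider`, hypothetical) issues a new access token on every code exchange, so a site lookup keyed by token misses while one keyed by the provider's user id (for Facebook, the `id` field returned by the Graph API `/me` call) matches. All class and method names are assumptions; authorization codes are modeled as single-use, as OAuth 2.0 specifies.

```python
import secrets

class FakeProvider:
    """Constructed stand-in for the OAuth provider (not Facebook's API)."""
    def __init__(self):
        self._codes = {}   # authorization code -> provider user id
        self._tokens = {}  # access token -> provider user id

    def authorize(self, provider_user_id):
        """User approves the app; the provider redirects back with a code."""
        code = secrets.token_urlsafe(8)
        self._codes[code] = provider_user_id
        return code

    def exchange_code(self, code):
        """Swap a code for a token. Codes are single-use; tokens are fresh."""
        if code not in self._codes:
            raise ValueError("unknown or already used authorization code")
        token = secrets.token_urlsafe(16)
        self._tokens[token] = self._codes.pop(code)
        return token

    def me(self, token):
        """Profile lookup: the id is stable across tokens for one user."""
        return {"id": self._tokens[token]}

class Site:
    def __init__(self, provider):
        self.provider = provider
        self.by_token = {}        # design from the question: token is the key
        self.by_provider_id = {}  # alternative: stable provider id is the key

    def link(self, code, site_account):
        token = self.provider.exchange_code(code)
        pid = self.provider.me(token)["id"]
        self.by_token[token] = site_account
        self.by_provider_id[pid] = {"account": site_account, "token": token}

    def login_by_token(self, code):
        # A later login gets a different token, so this lookup misses.
        return self.by_token.get(self.provider.exchange_code(code))

    def login_by_id(self, code):
        token = self.provider.exchange_code(code)
        record = self.by_provider_id.get(self.provider.me(token)["id"])
        if record is None:
            return None
        record["token"] = token  # keep only the newest token for API calls
        return record["account"]
```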