How can I get a signed access token from facebook using OAuth 2.0?

Question

I want to identify the an android native app user on my web service. I don't want to include a secret in my java, as that would be trivial to find. Using the javascript sdk on the website, the token is signed and I can verify it with the shared secret on the server, but the android sdk just gets a token.

I had hoped that I could pass the token and the signature to my web service and then I could verify that the actions the user were taking were authorized. Is there a way to get a signature of an access token (and the shared secret) already granted from facebook?

Answer 1

I ended up just passing the auth token to my web service, having the server verify it's valid (by getting graph.facebook.com/me) and then creating my own signed token that I sent back. I authorize based on that token from then on... Kinda lame.