
Handling user authentication (via Facebook) and secure communication in an application

Updated: 2023-12-06 16:10:58

If you make the server fetch the user info using the access token you can do something like this:


  1. Do client-side OAuth authentication and receive an access token
  2. Send the access token to your backend and get the user info, including the Facebook ID, with the Facebook API using this token
  3. The server will store the hashed ID (cookie = id + ":" + hash(id + secret)) in an HTTP cookie
  4. Do your registration/login thing
  5. On each request to the backend, the server will validate the ID from the cookie by recomputing the hash with the secret and comparing it with the value from the cookie
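
The cookie scheme from steps 3 and 5, as an added example that is not part of the original answer: it uses HMAC-SHA256 in place of the literal hash(id + secret), because a bare SHA-1/SHA-2 hash over concatenated input is open to length extension, and it compares tags in constant time. `SECRET`, `make_cookie` and `verify_cookie` are names assumed for this illustration.

```python
import hashlib
import hmac

# Constructed secret for this example; a real server loads its own from a secret store.
SECRET = b"constructed-example-secret"


def _tag(user_id: str, secret: bytes) -> str:
    # Keyed MAC over the ID. This stands in for hash(id + secret) from step 3.
    return hmac.new(secret, user_id.encode("utf-8"), hashlib.sha256).hexdigest()


def make_cookie(user_id: str, secret: bytes = SECRET) -> str:
    """Step 3: build cookie = id + ":" + tag(id) after the server fetched the ID."""
    if not user_id:
        raise ValueError("empty user ID")
    return f"{user_id}:{_tag(user_id, secret)}"


def verify_cookie(cookie: str, secret: bytes = SECRET):
    """Step 5: return the ID if the tag matches, otherwise None."""
    # Split on the last ":" because the hex tag never contains one.
    user_id, sep, tag = cookie.rpartition(":")
    if not sep or not user_id:
        return None
    expected = _tag(user_id, secret)
    # Constant-time comparison avoids leaking how many tag characters matched.
    if not hmac.compare_digest(expected.encode("ascii"),
                               tag.encode("utf-8", "replace")):
        return None
    return user_id


if __name__ == "__main__":
    cookie = make_cookie("1234567890")   # constructed sample ID
    print(cookie)
    print(verify_cookie(cookie))         # ID comes back unchanged
    # Swapping the ID while keeping the old tag must fail verification.
    print(verify_cookie("1234567891:" + cookie.rpartition(":")[2]))
```

The signed value carries no expiry, so a cookie stays valid until the secret changes; include a timestamp inside the MACed data if sessions should time out.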