Question

I'm doing a Facebook app and I've followed the custom login flow instructions and I have a question on the last step:

1) I start by doing a call to /dialog/oauth to get a login code.

2) With the code I will request an access token, by hitting the graph.facebook.com/oauth/access_token and that's fine as well.

3) The instructions now say I should validate the code and token to make sure they are from the sources that requested them.

GET graph.facebook.com/debug_token?
     input_token={token-to-inspect}
     &access_token={app-token-or-admin-token}

My questions are:

  • What is the input_token in my scenario?
  • Do I need to do this in my flow? And why if yes?

If I just pass the same value (access_token) in both parameters I get a valid answer, but I don't know if this makes sense.

Thanks in advance.


Solution

This question has already been asked: how to verify facebook access token?

And: Verify Facebook Access Token for specific App

And: verification code example

It's simply a unit test to see if your code is still valid (to catch a bug early so it can't do any big damage).

If the access token is not valid, you can for example show a message to the user that there is a bug etc.
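
Added example, not part of the original answer or of Facebook's code: a server-side check for step 3 that puts the user token from step 2 in input_token, the app token in access_token, and then verifies that the inspected token was issued to this app and user. The response field names (app_id, is_valid, expires_at, user_id) are assumed from the Graph API debug_token response, and the sample responses and IDs are constructed.

```python
import time
from urllib.parse import urlencode

GRAPH = "https://graph.facebook.com"

def debug_token_url(user_token, app_token):
    # input_token: the token to inspect (the user token obtained in step 2)
    # access_token: the app token or admin token authorising the inspection
    query = urlencode({"input_token": user_token, "access_token": app_token})
    return GRAPH + "/debug_token?" + query

def check_debug_response(body, expected_app_id, expected_user_id=None, now=None):
    """Return the reasons to reject the token; an empty list means accept."""
    now = time.time() if now is None else now
    data = body.get("data")
    if not isinstance(data, dict):
        return ["no data object in response"]
    problems = []
    if data.get("is_valid") is not True:
        problems.append("token is not valid")
    # A token minted for another app must not log a user in to this one.
    if str(data.get("app_id")) != str(expected_app_id):
        problems.append("token was issued to a different app")
    expires_at = data.get("expires_at", 0)
    # Assumption: expires_at == 0 marks a non-expiring token.
    if expires_at and expires_at <= now:
        problems.append("token has expired")
    if expected_user_id is not None and \
            str(data.get("user_id")) != str(expected_user_id):
        problems.append("token belongs to a different user")
    return problems

# Constructed sample responses (not captured from the real API).
SAMPLE_OK = {"data": {"app_id": "1111", "is_valid": True,
                      "expires_at": 2000, "user_id": "42"}}
SAMPLE_OTHER_APP = {"data": {"app_id": "9999", "is_valid": True,
                             "expires_at": 2000, "user_id": "42"}}

if __name__ == "__main__":
    print(debug_token_url("USER_TOKEN_PLACEHOLDER", "APP_TOKEN_PLACEHOLDER"))
    print(check_debug_response(SAMPLE_OK, "1111", "42", now=1000))
    print(check_debug_response(SAMPLE_OTHER_APP, "1111", "42", now=1000))
```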

Licensed under: CC-BY-SA with attribution