Silly question: authentication via facebook

Suppose I want to maintain an external databse of facebook users. Is this correct:

  1. Ask user to login to my app using FB SDK
  2. FB returns authentication token
  3. Send that token with facebook user’s ID to my own server
  4. On my server, verify the token via FB SDK
  5. If verified, allow user’s database submission.

Where does X-Auth come into play?