Suppose I want to maintain an external databse of facebook users. Is this correct:
- Ask user to login to my app using FB SDK
- FB returns authentication token
- Send that token with facebook user’s ID to my own server
- On my server, verify the token via FB SDK
- If verified, allow user’s database submission.
Where does X-Auth come into play?