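/// <summary>
/// Signs a user in with a Facebook user access token supplied by the client.
/// The token is checked against the Graph API <c>debug_token</c> endpoint, the user's
/// profile is fetched with it, and the profile is handed to
/// <c>_auth.ExternalAuthenticationAsync</c> to obtain a JWT.
/// </summary>
/// <param name="model">Request body carrying the Facebook user access token (untrusted input).</param>
/// <returns>An OK response wrapping the issued <c>JwtToken</c>.</returns>
/// <exception cref="WebApiApplicationException">
/// Thrown with status 409 when the token is missing or rejected by Facebook, and with
/// status 401 when <c>_auth.ExternalAuthenticationAsync</c> returns no token.
/// </exception>
public async Task<ActionResult<ApiResponse<JwtToken>>> Facebook([FromBody] FacebookAuthViewModel model)
{
    // The body is attacker-controlled: reject a missing token up front instead of
    // failing later with a NullReferenceException or sending an empty input_token.
    if (string.IsNullOrWhiteSpace(model?.AccessToken))
    {
        throw new WebApiApplicationException(StatusCodes.Status409Conflict, ErrorMessages.InvalidFbToken);
    }

    // Escape the token before it goes into a query string. Unescaped, a value containing
    // '&' or '#' could add or override parameters (for example access_token) on the
    // Graph API requests below.
    var userAccessToken = System.Uri.EscapeDataString(model.AccessToken);

    // 1. generate an app access token
    // The app secret travels in the query string here, so this URL must never be
    // written to logs or included in exception details.
    var appAccessTokenResponse = await Client.GetStringAsync(
        $"https://graph.facebook.com/oauth/access_token?client_id={_fbAuthSettings.AppId}&client_secret={_fbAuthSettings.AppSecret}&grant_type=client_credentials");
    var appAccessToken = JsonConvert.DeserializeObject<FacebookAppAccessToken>(appAccessTokenResponse);
    if (string.IsNullOrEmpty(appAccessToken?.AccessToken))
    {
        // Deliberately does not echo the response body, which may contain credentials.
        throw new System.InvalidOperationException("Facebook app access token response did not contain a token.");
    }

    // 2. validate the user access token
    var userAccessTokenValidationResponse = await Client.GetStringAsync(
        $"https://graph.facebook.com/debug_token?input_token={userAccessToken}&access_token={System.Uri.EscapeDataString(appAccessToken.AccessToken)}");
    var userAccessTokenValidation = JsonConvert.DeserializeObject<FacebookUserAccessTokenValidation>(userAccessTokenValidationResponse);

    // NOTE(review): IsValid only says the token is live. It does not show that the token
    // was issued to THIS application, so a token minted for a different Facebook app would
    // pass this check. The debug_token payload reports the issuing app id; confirm that
    // FacebookUserAccessTokenValidation exposes it and compare it with _fbAuthSettings.AppId.
    if (userAccessTokenValidation?.Data?.IsValid != true)
    {
        // NOTE(review): inside an async method GetCurrentMethod() resolves to the
        // compiler-generated state machine method, so this is probably not the action's
        // parameter list. Confirm how the exception uses it, and that the access token
        // can never be logged through it.
        throw new WebApiApplicationException(StatusCodes.Status409Conflict, ErrorMessages.InvalidFbToken, MethodBase.GetCurrentMethod().GetParameters());
    }

    // 3. we've got a valid token so we can request user data from fb
    // NOTE(review): the Graph API version is pinned to v2.8 in this URL; confirm it is still served.
    var userInfoResponse = await Client.GetStringAsync(
        $"https://graph.facebook.com/v2.8/me?fields=id,email,first_name,last_name,name,gender,locale,birthday,picture&access_token={userAccessToken}");
    var userInfo = JsonConvert.DeserializeObject<FacebookUserData>(userInfoResponse);
    if (userInfo == null)
    {
        throw new WebApiApplicationException(StatusCodes.Status409Conflict, ErrorMessages.InvalidFbToken);
    }

    var registerUser = new RegisterUserViewModel
    {
        FirstName = userInfo.FirstName,
        LastName = userInfo.LastName,
        FacebookId = userInfo.Id,
        // NOTE(review): Email comes straight from the Facebook profile and may be absent;
        // verify that ExternalAuthenticationAsync does not link accounts on email alone.
        Email = userInfo.Email,
        // The picture object is optional in the profile response; do not dereference it blindly.
        PictureUrl = userInfo.Picture?.Data?.Url
    };

    JwtToken result = await _auth.ExternalAuthenticationAsync(registerUser);
    if (result == null)
    {
        throw new WebApiApplicationException(StatusCodes.Status401Unauthorized, ErrorMessages.InvalidUser);
    }

    return Ok(result, InfoMessages.UserSignin);
}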