验证特定应用程序的 Facebook 访问令牌

我需要验证我的 iPhone 应用上的用户是否真的登录了我的 Facebook 应用.我可以通过使用他们的访问令牌检索来验证他们的用户 ID:

I need to verify that users on my iPhone app are actually logged in to my Facebook app. I'm able to verify their user id by retrieving it with their Access token:

https://graph.facebook.com/me?fields=id&access_token=XXXXXXXXXXXXXXX一个>

我预见的安全问题是，他们可以向我发送任何有效的访问令牌，并且会返回他们的用户 ID.我还需要验证此令牌是否适用于我的特定应用程序.有没有办法在此请求中返回应用程序 ID 以进行验证?

The security issue I foresee is that, they can send me any valid access token, and it will return their user id. I need to also validate this token is for my specific app. Is there a way to return the Application ID in this request to validate that?