I have a similar problem and your proposed solution won’t work.
I need to validate a facebook token before the user can log in. I’ve written a custom script service that handles this in php, but i’ve got no session token to provide so I can’t access the service and I can’t make a certain service public.
I can’t use the facebook oauth you provide because well it’s a mobile app that uses native fb login integration. Still the token must be checked with a http request on the server side.
Thx.