如何获取用户访问令牌？

我看到你正在使用php-sdk。因此，你需要让你的朋友使用类似示例中的脚本来访问你的应用程序：

<?php
/**
 * Copyright 2011 Facebook, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may
 * not use this file except in compliance with the License. You may obtain
 * a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations
 * under the License.
 */

require '../src/facebook.php';

// Create our Application instance (replace this with your appId and secret).
$facebook = new Facebook(array(
  'appId'  => '191149314281714',
  'secret' => '73b67bf1c825fa47efae70a46c18906b',
));

// Get User ID
$user = $facebook->getUser();

// We may or may not have this data based on whether the user is logged in.
//
// If we have a $user id here, it means we know the user is logged into
// Facebook, but we don't know if the access token is valid. An access
// token is invalid if the user logged out of Facebook.

if ($user) {
  try {
    // Proceed knowing you have a logged in user who's authenticated.
    $user_profile = $facebook->api('/me');
  } catch (FacebookApiException $e) {
    error_log($e);
    $user = null;
  }
}

// Login or logout url will be needed depending on current user state.
if ($user) {
  $logoutUrl = $facebook->getLogoutUrl();
} else {
  $loginUrl = $facebook->getLoginUrl(array('scope'=>'offline_access'));
}

// This call will always work since we are fetching public data.
$naitik = $facebook->api('/naitik');

?>
<!doctype html>
<html xmlns:fb="http://www.facebook.com/2008/fbml">
  <head>
    <title>php-sdk</title>
    <style>
      body {
        font-family: 'Lucida Grande', Verdana, Arial, sans-serif;
      }
      h1 a {
        text-decoration: none;
        color: #3b5998;
      }
      h1 a:hover {
        text-decoration: underline;
      }
    </style>
  </head>
  <body>
    <h1>php-sdk</h1>

    <?php if ($user): ?>
      <a href="<?php echo $logoutUrl; ?>">Logout</a>
    <?php else: ?>
      <div>
        Login using OAuth 2.0 handled by the PHP SDK:
        <a href="<?php echo $loginUrl; ?>">Login with Facebook</a>
      </div>
    <?php endif ?>

    <h3>PHP Session</h3>
    <pre><?php print_r($_SESSION); ?></pre>

    <?php if ($user): ?>
      <h3>You</h3>
      <img src="https://graph.facebook.com/<?php echo $user; ?>/picture">

      <h3>Your User Object (/me)</h3>
      <pre><?php print_r($user_profile); ?></pre>
    <?php else: ?>
      <strong><em>You are not Connected.</em></strong>
    <?php endif ?>

    <h3>Public profile of Naitik</h3>
    <img src="https://graph.facebook.com/naitik/picture">
    <?php echo $naitik['name']; ?>
  </body>
</html>

接下来你需要：

1. 授予offline_access权限
2. 存储返回的access_token
3. 每次查询好友分数时使用该令牌$facebook->api('friend_id/scores?access_token=$stored_access_token');

请参考Facebook的认证流程文档，了解更多相关信息。 http://developers.facebook.com/docs/authentication/ 这是最好的起点，以便了解它是如何工作的。
1.获取用户的许可和access_token
2.您可以使用此access_token作为“密钥”来获取和发布Facebook信息。
access_token不应与您的应用程序秘密代码混淆，后者用于代表您的注册应用程序进行连接。

在Flex中，您可以使用以下方法：

FacebookDesktop.getSession().accessToken;

我调用这个函数：

FB.getLoginStatus(onFacebookInitialLoginStatus);

调用下面的函数并从响应中获取access_token。

function onFacebookInitialLoginStatus(response) {
            if (response.status == "connected" && response.session) {
                var access_token = response.session.access_token;
                var url = 'https://graph.facebook.com/me/likes?access_token=' + access_token;
            }
            else {
                facebookLogin();
            }
        }

订阅此事件：

FB.Event.subscribe('auth.authResponseChange', function(response) {

然后检查 response.status