且构网


*** practice (*** for Android): Authenticating users with Facebook or Google login

Updated: 2023-12-05 21:58:46

After some reading and asking I have come up with this:

1. Yes, if you want your users to sign up with their Facebook or Google account, you call the API, get the e-mail address (it is even easier with Google's AccountManager on Android), send it to your server that will save the e-mail address, associate a userID and generate its own access code. The access code will be sent back to your client app to store it for later use. Whenever the user wants to do some operations, the server API will be called with the user's e-mail address and access code and you can be sure it really is the user. It is much harder to call the API from outside and guess correctly both the e-mail address and access code so it is somewhat safe.

2. Since the Facebook login is only used to authenticate the user, which means to only verify that the user exists and has an account, we don't actually need the FB accessToken. We would need the FB accessToken only for API calls for Facebook server, so for example when we want to retrieve a list of user's friends and so on. In this case, you can get the active session that is provided by Facebook SDK and get the accessToken from there.

3. This case is again pretty simple. If you only use Facebook login to authenticate the user, you don't care if the user deletes his account in the future. After the first login, you save his email address, possibly a picture and no longer care about his Facebook profile. If you use the Facebook login for getting a friends list and so on, you do not keep this type of data in your local storage anyway, so as soon as the user deletes his account, he loses his friend list as well. Or, you can keep his friend list and try to update it every time he uses your app and once he deletes his account, the friend list stops being updated and it is, again, up to your user not to use the Facebook account. The last idea would rather suit game apps use cases... just an idea, not anything officially accepted as the best.
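
The server side of the flow in point 1 (save the e-mail, associate a userID, issue and later check an access code), as an added example that is not part of the original answer. The class and method names are hypothetical, and it assumes the e-mail passed to `register` was already confirmed with the identity provider on the server rather than taken from the client as sent.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple


class AccessCodeStore:
    """Server-side registry: e-mail -> userID -> hash of the issued access code."""

    def __init__(self) -> None:
        self._users = {}      # normalized e-mail -> user id
        self._code_hash = {}  # user id -> SHA-256 hex digest of the access code
        self._next_id = 1

    @staticmethod
    def _digest(code: str) -> str:
        # The code is 256 bits of CSPRNG output, so a fast hash is sufficient;
        # storing only the digest keeps a database leak from yielding usable codes.
        return hashlib.sha256(code.encode("utf-8")).hexdigest()

    def register(self, verified_email: str) -> Tuple[int, str]:
        """Save the e-mail, associate a userID and issue a fresh access code.

        Assumption: the caller has already verified the address server-side
        with the provider; an address merely sent by the client proves nothing.
        """
        email = verified_email.strip().lower()
        user_id = self._users.get(email)
        if user_id is None:
            user_id = self._next_id
            self._next_id += 1
            self._users[email] = user_id
        code = secrets.token_urlsafe(32)  # unguessable, unlike a short PIN
        self._code_hash[user_id] = self._digest(code)  # new login rotates the code
        return user_id, code

    def authenticate(self, email: str, code: str) -> Optional[int]:
        """Return the userID if e-mail and access code match, else None."""
        user_id = self._users.get(email.strip().lower())
        stored = self._code_hash.get(user_id, "")
        # Hash and compare even for unknown e-mails, in constant time, so the
        # response does not reveal which half of the pair was wrong.
        ok = hmac.compare_digest(stored, self._digest(code))
        return user_id if (user_id is not None and ok) else None
```

The client keeps the returned code in app-private storage and sends it over TLS with each API call; the server never stores the code itself.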