Oauth 2: Is access_token a unique key for User?

After a user connects with Facebook, Facebook responds with an access_token.

Can I assume this access_token will always stay the same and is unique for every user?

If so, then I can use it to find the user in my database, and if not found, create a new user.

If not, is there a way to ask Facebook to also send you back user_id (with the access_token) right after connecting so开发者_运维知识库 that I don't have to make another request to /me?fields=id for it?

You should use their id as a unique identifier. The access_token is unique, but you'll get a new one every time you request one.

OAuth access_token can be duplicated during 2+ token issuers. It is unique only in the token issuer (facebook.com in this case). Since facebook token is enough long, token duplicates will rarely happen though.