For users signing up from our android app and iOS app, we need to generate short lived access token from the app and need to have the server generate the long-lived token. Referring to https://developers.facebook.com/docs/facebook-login/access-tokens#extending, we see the following -
Make this call from your server, not a client. The app secret is included in this API call, so you should never actually make the request client-side. Instead implement server-side code that makes the request, then pass the response containing the long-lived token back to your client-side code. This will be a different string than the original token, so if you're storing these tokens, replace the old one. Once you've retrieved the long-lived token, you can use it from your server or ship it back down to the client to use there.
How do we implement this when we have an android app and server and not a web page as the client?