How to pass Facebook Id from client to server securely

Question

I have a Facebook canvas app. I am using the JS SDK to authenticate the user on the browser-side and request various information via FB.api (e.g. name, friends, etc.).

Answer 1

I don't know if it's language specific but using both server-side and client-side authentication does no harm.

You can work on option 2 but yes, that will be also vulnerable to spoofing.

Doing option 3, you will be having a single access token for that user session, so that would be the best choice according to me since you always have chance of spoofing when passing user information from client side.