{
  "server": "fb-auth (RCS Facebook OAuth emulator)",
  "app_id": "530984573639523",
  "endpoints": {
    "facebook_flow": {
      "oauth_dialog": "GET  /v2.3/dialog/oauth?client_id=&scope=&redirect_uri=&response_type=token,signed_request&return_scopes=true",
      "login_page":   "GET  /login.php",
      "login_submit": "POST /login/device-based/login/",
      "confirm":      "POST /dialog/oauth/confirm",
      "activities":   "POST /v2.3/530984573639523/activities  (multipart/form-data, FBAndroidSDK.4.2.0)",
      "me":           "GET  /me?access_token=&fields=id,name,email",
      "debug_token":  "POST /debug_token  (body: signed_request=...)"
    },
    "rcs_pairing": {
      "link":  "POST /rcs/link   {fb_access_token, rcs_refresh_token, app_id?}",
      "login": "POST /rcs/login  {fb_access_token} → {rcs_refresh_token, fb_user_id, fb_name, fb_email}",
      "list":  "GET  /rcs/links  (debug: all current pairings)"
    }
  },
  "rcs_pairing_flow": [
    "1. Game completes FB OAuth → gets fb_access_token",
    "2. If first login: POST /rcs/link with fb_access_token + existing rcs_refresh_token",
    "3. On subsequent launches: POST /rcs/login with fb_access_token → get rcs_refresh_token back",
    "4. Game uses rcs_refresh_token with RCS session endpoints as normal"
  ],
  "test_user": {
    "email":    "test@example.com",
    "password": "password123"
  },
  "notes": [
    "access_token query param may be empty for pre-login activity events",
    "activities response is Content-Type: text/javascript (matches real FB)",
    "signed_request: HMAC-SHA256, key=app_secret, data=base64url(payload_json)",
    "rcs_fb_links table schema is documented in the /rcs/link handler comment"
  ]
}