Hi,
this question is really interesting, but it does not have a simple answer and requires a little discussion.

First, there are a couple of things to consider which must be "milestones" in the resulting scenario:

1) The login process, that involves interaction with FB itself, MUST be executed on the mobile side (don't think to pass FB credentials to the server);

2) The app secret MUST be stored on the server side, because the mobile app can be decompiled and the secret could be visible in clear.

I have found this image that summarize the login process.



I have also found an interesting article which describes the best practices to do this.

medium.com/@taylorhughes/the-right-way-to-implement-facebook-login-in-a-mobile-app-57e2eca3648b

So the first step could be to implement the FB login in your app, as example with this Cordova module:

github.com/Wizcorp/phonegap-facebook-plugin

After this, you should send the auth token to your server (e.g. to a custom jBackend module), and this should verify if is a valid token and grant access to the mobile app.

Kind regards,
Luigi