I have read the documentation here:
django-rest-framework-social-oauth2, but everything is very unclear to me (It's my first time working with this).
and by the end it shows some configuration of how to do the settings to use facebook Oauth2. And there's this information on the docs:
You can test these settings by running the following command :
curl -X POST -d “grant_type=convert_token&client_id=<client_id>&client_secret=<client_secret>&backend=facebook&token=<facebook_token>” http://localhost:8000/auth/convert-token
This request returns the “access_token” that you should use on all
HTTP requests with DRF. What is happening here is that we are
converting a third-party access token (user_access_token) in an
access token to use with your api and its clients (“access_token”).
You should use this token on each and further communications between
your system/application and your api to authenticate each request and
avoid authenticating with FB every time.
I could test it with a test token from facebook and it behaves as I expected like I wrote in my question.