Determine better way of ensuring a FB access token is legit

Right now we just depend on being able to get the e-mail address to prove that a given accessToken is indeed legitimate for a given user. We should see if there is a better way to test for the authenticity of a given accessToken.
