The information you request is setup in the application configuration on the FB developers site (you choose what permissions your app is requesting). You choose what information your application wants to access (e.g. similar to application permissions) and this information is presented to the end user when they auth, allowing them to toggle which information they wish to provide. Public profile is one that is always provided on successful auth (as it can’t be toggled off). Email used to be in here I think, but this has probably changed now.
In the Passport-facebook-token strategy docs, in the first code sample on the readme, it has a ‘profile’ argument in it’s callback. This is an object that contains the profile data returned by the FB graph API. It also returns accessToken and refreshToken parameters. You can store these in a database (or secure storage).
The caveat is that depending upon what you’re doing besides login (if anything), you might hit a problem due to the whitelisted URL setup that FB use on applications. I haven’t worked with FB auth from a mobile context (especially without having my own server sat somewhere in between to handle auth).
As I said, it’s been a while since I worked with Passport (and with the FB API) so some of the above might be a bit out of date or no longer recommended.