I'm building a Rails 3 app which will exclusively use Facebook for authentication (via omniauth-facebook & koala for performing graph stuff). I want to be able to allow an iOS app to authenticate users with my app in a similar way to as described here.
I'm wondering if there is a nice way to 'override' omniauth if an ?access_token=X param is present - I'd still like to use omniauth to create or retrieve the user record, but I want a way of just passing it an access token and have it ignoring it's usual session data.
So basically if a user hits my app, they login using omniauth in the normal way. If a request is made with an ?access_token=X argument, the usual authentication is ignored and the user is checked against Facebook using this token. (for all my RESTful controllers).
