5

I am still having trouble finding any sort of tutorials for authenticating a native iOS application with OAuth 2 Facebook on Google App Engine. I realize I might need to use a proxy on GAE (like here: Authenticate with Google App Engine from an Iphone Native Client) to create a session with Facebook but what is the cleanest way to do an SSO with native Facebook UI?

I'd guess I would use something along the lines of the Facebook iOS Auth tutorial: http://developers.facebook.com/docs/tutorials/ios-sdk-tutorial/authenticate/

But then how do I instead give the session to my GAE server and also cache the session on the client device so it can authenticate HTTPS requests to my server? I basically want to use simple-auth on GAE and have my iOS application act like a native (web) client (but not using UIWebViews). Isn't there a simple way to do this?

By the way, I am using Python on Google App Engine. I found this for Java but I honestly don't know exactly what it does because the documentation hasn't been written yet: http://www.lean-engine.com/index.html

Similar unanswered question: https://stackoverflow.com/questions/14878727/oauth-from-native-ios-app-with-oauth-from-facebook

EDIT: I basically want to have a login similar to Draw Something and other Zynga games that allows users to simply use their native Facebook/iOS6 authentication to authenticate API calls to my server.

EDIT2: Found this informative post, but still no tutorial about how to do it: Design for Facebook authentication in an iOS app that also accesses a secured web service

Evan Layman
  • Should I be using something like GTMOAuth2 to authenticate requests to my server and use simple-auth on GAE? I'm just a bit confused by all of the different authentication processes. – Evan Layman Feb 22 '13 at 01:11

1 Answer

0

So basically what I did was implement gae-sessions https://github.com/dound/gae-sessions/wiki on the backend.

Then I implemented Facebook iOS SDK authentication on the front end.

Then I send the access_token to GAE, where I do a Facebook Graph API call to /me and create a session containing info about the user and device and make sure the request was made from my iOS application.

Then on subsequent requests I validate that the user in the session is the same as the one trying to access data and also that the call came from my iOS app.

If anyone has any pointers to making this more secure, please feel free to comment or post an answer.

Evan Layman
  • I'm looking at doing the same thing but using Go: iOS app, Facebook login and web service on GAE. What is today's best way of accomplishing this? Thanks! – murrekatt Aug 20 '15 at 09:46
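
The server-side half of the flow described in the answer, as an added example (not code from the post or from gae-sessions). It goes slightly beyond the `/me` call by using the Graph API `debug_token` endpoint so the server can also check that the token was issued to its own app; `APP_ID`, `APP_SECRET`, the function names, and the plain dict standing in for the session object are assumptions.

```python
import json
import time
import urllib.parse
import urllib.request

GRAPH = "https://graph.facebook.com"
APP_ID = "YOUR_APP_ID"          # placeholder (assumption): your Facebook app id
APP_SECRET = "YOUR_APP_SECRET"  # placeholder (assumption): keep server-side only


def http_get_json(url):
    """Default fetcher; tests can inject a fake so nothing hits the network."""
    with urllib.request.urlopen(url, timeout=5) as resp:
        return json.load(resp)


def verify_facebook_token(user_token, fetch=http_get_json, now=time.time):
    """Return the Facebook user id if the token is valid AND was issued to
    our app, otherwise None. A token from another app must not log in here."""
    query = urllib.parse.urlencode({
        "input_token": user_token,                   # token sent by the iOS client
        "access_token": APP_ID + "|" + APP_SECRET,   # app access token
    })
    data = fetch(GRAPH + "/debug_token?" + query).get("data", {})
    if not data.get("is_valid"):
        return None
    if str(data.get("app_id")) != APP_ID:
        return None                                  # issued to a different app
    expires_at = data.get("expires_at", 0)           # 0 means no expiry
    if expires_at and expires_at <= now():
        return None
    user_id = data.get("user_id")
    return str(user_id) if user_id else None


def login(user_token, session, fetch=http_get_json, now=time.time):
    """Create session state; `session` is a dict standing in for the real one."""
    user_id = verify_facebook_token(user_token, fetch, now)
    if user_id is None:
        return False
    session.clear()                    # drop pre-login state (session fixation)
    session["fb_user_id"] = user_id    # store the id, not the access token
    return True


def authorize(session, requested_user_id):
    """On later requests: the session's user must own the requested data."""
    user_id = session.get("fb_user_id")
    return user_id is not None and user_id == str(requested_user_id)
```
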