
I'm writing an iPhone app that needs a server-based component, and rather than make the user create a new account just for my app, I thought I'd make their life easier by having them log in with their Facebook account. I don't plan on using the Facebook Connect API very much, I just figured that nobody wants to remember an extra password if they don't have to.

The problem is that I don't think I really understand how to do my server-side authentication correctly. Here's how I'm doing it now:

1) The iPhone client app brings up a UIWebView pointed at https://graph.facebook.com/oauth/authorize?client_id=<my_client_id>&redirect_uri=<my_redirect_uri>&...

2) The user logs in to Facebook.

3) The UIWebView gets redirected to my server with the OAuth access token as a parameter. I intercept this in the iPhone client app and do the request as an NSURLRequest to capture my server's response.

4) My server gets this request, stashes away the OAuth token, uses it to grab the user's Facebook id, stashes that away, and sends back to the iPhone client app the Facebook user id and a randomly generated password.

5) From here on in, the iPhone client app only talks to my server over HTTPS (never again to Facebook), using users_facebook_id/randomly_generated_password as the credentials.

I have two questions.

1) It feels like I don't have the right solution here. Is there a standard, best-practices way to do this type of thing? (i.e. use Facebook credentials to log into your own server from your own iPhone client) Can anyone link me to an explanation or a tutorial?

2) I saw the Facebook iOS SDK and that seems much slicker than what I'm doing right now. Can that do the types of things I need here?

Thanks for the help!

Blitz
Seth
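
Steps 4 and 5 of the question above, sketched as an added Python example that is not part of the original post: the server derives the Facebook user id from the token itself, never from an id the client supplies, and keeps only a hash of the random password it issues. `AppCredentialStore`, `lookup_facebook_id` and the token table are hypothetical names and constructed data; a real lookup would ask Facebook who the token belongs to.

```python
import hashlib
import hmac
import secrets


class AppCredentialStore:
    """Server side of steps 4 and 5: swap a Facebook token for an app credential."""

    def __init__(self, lookup_facebook_id):
        # lookup_facebook_id(token) -> user id string, or None if the token is
        # not valid. Hypothetical hook; production code would query Facebook.
        self._lookup = lookup_facebook_id
        self._hashes = {}  # facebook_id -> SHA-256 digest of the issued secret

    def exchange(self, oauth_token):
        """Step 4: resolve the token server-side, then issue a random secret."""
        fb_id = self._lookup(oauth_token)
        if fb_id is None:
            return None  # unrecognised token: issue nothing
        secret = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        # Store only a hash so a leaked table holds no usable secrets. A fast
        # hash is acceptable here because the secret is high-entropy random
        # data, not a human-chosen password.
        self._hashes[fb_id] = hashlib.sha256(secret.encode()).digest()
        return fb_id, secret

    def verify(self, fb_id, secret):
        """Step 5: check the credentials sent with each later HTTPS request."""
        stored = self._hashes.get(fb_id)
        if stored is None:
            return False
        candidate = hashlib.sha256(secret.encode()).digest()
        return hmac.compare_digest(stored, candidate)  # constant-time compare

    def revoke(self, fb_id):
        """Invalidate the issued secret, e.g. on logout or a lost device."""
        self._hashes.pop(fb_id, None)


# Constructed sample data: a fake token table standing in for Facebook.
FAKE_TOKENS = {"constructed-token-abc": "1000001"}


def demo():
    store = AppCredentialStore(FAKE_TOKENS.get)
    fb_id, secret = store.exchange("constructed-token-abc")
    results = [store.verify(fb_id, secret),        # issued secret is accepted
               store.verify(fb_id, secret + "x"),  # wrong secret is rejected
               store.exchange("forged-token") is None]
    store.revoke(fb_id)
    results.append(store.verify(fb_id, secret))    # revoked secret is rejected
    return results
```
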

1 Answer


For anyone who finds this question and is looking for some more info: Design for Facebook authentication in an iOS app that also accesses a secured web service

Community
Seth