For a hybrid SSO scenario using the Facebook iOS SDK, what's the best way generating a password/key for our own custom user records?

Question

So my intention is to have a login in my iOS app that allows for either our standard email/pwd registration, or login with Facebook. We are also creating rest services to get a

Answer 1

Design for Facebook authentication in an iOS app that also accesses a secured web service

This post helped me undesrtand it more. If I am not mistaken, the flow goes like this:

1. User authenticates in iOS app
2. iOS app takes auth token, sends it to the rails app
3. Rails app takes auth token and sends it to graph.facebook.com/?auth_token=XXX to get back the user if authentication was successful.
4. Rails app takes the user info and matches/creates user in own database table. Sends some kind of authentication key back to iOS app.
5. iOS app saves the authentication key so it can use it to communicate with the rails app.

Let me know if I am missing anything.