For a hybrid SSO scenario using the Facebook iOS SDK, what's the best way generating a password/key for our own custom user records?

Question

So my intention is to have a login in my iOS app that allows for either our standard email/pwd registration, or login with Facebook. We are also creating rest services to get a

Answer 1

Have you looked at the iOS docs for Single Sign On (SSO)? https://developers.facebook.com/docs/guides/mobile/#ios

You can share an app ID across mobile, canvas and web site and the same user auth works for each environment.

Check out: https://developers.facebook.com/docs/authentication/

Facebook Platform provides a number of ways to use the above OAuth flows in different app types, including Websites, Apps on Facebook.com, Mobile and Desktop Apps.

Answer 2

Design for Facebook authentication in an iOS app that also accesses a secured web service

This post helped me undesrtand it more. If I am not mistaken, the flow goes like this:

1. User authenticates in iOS app
2. iOS app takes auth token, sends it to the rails app
3. Rails app takes auth token and sends it to graph.facebook.com/?auth_token=XXX to get back the user if authentication was successful.
4. Rails app takes the user info and matches/creates user in own database table. Sends some kind of authentication key back to iOS app.
5. iOS app saves the authentication key so it can use it to communicate with the rails app.

Let me know if I am missing anything.

Answer 3

You just need to insert users Facebook key to your database to know if its authenticated with Facebook. Use OAuth at ios side authenticate user take users secret key send it to your rest web-service and save it with users other info.