Hi
I'm using a class I bought to facilitate Facebook login into an iOS app.
My primary reason for wanting Facebook login is so that I can log the user into my server using the Facebook ID that they signed up, as I do on my web app.
Just getting my head around the FB authentication process with phone apps in general...
If I understand correctly, this is how it is now:
1. User logs in with Facebook.
2. Facebook tells my *app* the user logged in.
3. My app tells my server the user logged in with Facebook, by sending it the user's Facebook ID.
4. My server blindly trusts that the fact it's getting a Facebook ID from my app means that that ID does indeed belong to them, and that the user is truly logged into Facebook, checks for it in my system and, if found, logs them in and sends user data to the app.
If this is correct, is there a way I can make it like how web app Facebook auth is done, so...
1. User logs in with Facebook.
2. Facebook tells my *server* the user logged in, I search for their Facebook ID in my system, and if found, log them in.
3. My *server* tells the *app* that the user logged in with Facebook.
4. The app trusts the server.
With the first process set, you are vulnerable to someone hacking your app and sending you any old Facebook ID to log into your system with.
Cheers
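
Added example, not part of the original post: the trusting flow from the first list beside a server-side check in which the app sends the Facebook access token and the server derives the ID from Facebook's own answer. It assumes a Python server and Graph API `/debug_token` for token inspection; `inspect_token`, `fake_inspect`, the app ID, tokens and user table are hypothetical or constructed.

```python
import time

APP_ID = "1234567890"                        # constructed placeholder app ID
USERS = {"100001": "alice", "100002": "bob"}  # constructed: Facebook ID -> account

# Constructed samples shaped like the "data" object of a /debug_token reply.
SAMPLE = {
    "tok-alice": {"is_valid": True, "app_id": APP_ID,
                  "user_id": "100001", "expires_at": 2_000_000_000},
    "tok-other-app": {"is_valid": True, "app_id": "999",
                      "user_id": "100002", "expires_at": 2_000_000_000},
    "tok-expired": {"is_valid": True, "app_id": APP_ID,
                    "user_id": "100002", "expires_at": 1_000_000_000},
}


def fake_inspect(token):
    """Offline stand-in for the server-to-server /debug_token request."""
    return SAMPLE.get(token, {"is_valid": False})


def login_trusting_client(claimed_fb_id):
    """Steps 3-4 of the first flow: the server accepts whatever ID the app sends."""
    return USERS.get(claimed_fb_id)


def login_verified(access_token, inspect_token, now=None):
    """The server asks Facebook whose token this is and never reads an ID from
    the client. inspect_token(token) -> dict is a hypothetical helper."""
    now = time.time() if now is None else now
    data = inspect_token(access_token)
    if not data.get("is_valid"):
        return None                          # unknown, revoked or forged token
    if str(data.get("app_id")) != APP_ID:
        return None                          # token was issued to another app
    if data.get("expires_at", 0) <= now:
        return None                          # local policy: require a future expiry
    return USERS.get(str(data.get("user_id")))


if __name__ == "__main__":
    now = 1_700_000_000                      # fixed clock for the constructed samples
    print("trusting, bare ID:", login_trusting_client("100002"))
    for tok in ("tok-alice", "tok-other-app", "tok-expired", "made-up"):
        print(tok, "->", login_verified(tok, fake_inspect, now))
```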