Vote count:
0
I'm creating an app using the FBLoginView to handle logging in. The problem with this is that I want to add a session ID to my server for the user that has logged in. As far as I know, there's no way to call a script that is verified to have come from the Facebook server when using the Facebook SDK to login.
An example of what I'd do if I weren't using Facebook Login:
I'd send a username and password combo to the server, search for a row that matches these values. If a row doesn't exist, I would return an error message. If a row does exist, I would create a token, server-side, add this token to the user's row in the database and then return the token back to the user to set a NSUserDefault value. Then, when the user tries to make a call to one of our PHP scripts, they would pass this token to our script. We could then use this token and their Facebook ID in our database to verify that the call was coming from this user and if the token did not match the row corresponding to the Facebook ID, it would not perform the script.
This is our biggest problem. We don't want just anybody to call our scripts. We want to verify that it's the person associated with the Facebook ID.
Any way to do this? We've been thinking this over for weeks now and haven't been able to come up with a satisfactory solution.
Thanks!
Aucun commentaire:
Enregistrer un commentaire