Cross domain [??] FaceBook LogIn session

Question

I am building a web application consisting of:

1. Enterprise WebSite
2. iPhone app

When a new user is registered I want to import his FaceBook avatar, following is the use-case:

1. User logs in to FaceBook using the iPhone app (FaceBook session is created on the iPhone device)
2. User is getting registered with the Enterprise WebSite
3. The Enterprise WebSite import the users facebook avatar using Facebook API<

Having the above use-case in mind, the user has logged in using the SmartPhone application (and not using the Enterprise WebSite). Is it possible to use the SmartPhone's FaceBook login session on the WebSite backend to import the user's avatar w/o requiring to directly LogIn through the WebSite app? is this use-case possible? isn't there any security limitations?

Any help will be appreciated.

Answer 1

The iPhone app will receive a long-lived access token, which it should be possible to send back to the server and use from there to retrieve the avatar, as long as the iPhone app and the website are the same 'app' on Facebook.

The only problem I can see is that if the user revokes permissions, the website won't be able to ask the user to provide them. What might be easier is retrieving the profile picture from within the iPhone app, and then sending that back to the server.