Search code examples
phpiosfacebookfacebook-graph-apifacebook-ios-sdk

iOS Facebook login, handle different access tokens and determine users identity

I have a couple of questions regarding facebook integration and authentication in my social networking iOS application.

First of all, Users of my application are required to create an account and login before any content is available to them.

I have a separate backend system, so regular account registration inside my application is supported. When a user is logged in to an account he or she is supplied an access token which is used for future backend-requests, such as image-uploads.

Secondly, A user can choose to log in with Facebook, and thereby acquire an access token from the successfully opened FBSession.

This leads to my first question: How do I use the access token acquired from Facebook to authenticate my users with my backend system? Should I send the acquired token to my backend and have the system use that token for this particular user until further notice, or is there another way to go about this?

--

Now lets say that I solved the problem in the first question...
My second question: Imagine that a user created an account and logged in the normal way (i.e. without facebook) The next time that user wants to use the application, he or she chooses to log in with facebook.
Now, In my backend-system, how would I know that these two users are the same, connect them and thereby be able to load the same content for both cases? Is it even possible to have hybrid accounts that supports double logins like that? A regular registration only requires email, username and password, so I cannot think of a way to determine that a facebook-loggedin-user is the same user as a normal-loggedin-user.

I Hope the above makes sense.

Solution

  • The only way to unite the two memberships is to use a common link as a username or identifier such as email. I am sure fb, google, yahoo and others relay the users email account information. Your database should allow for storing your user's email address. The hurdle then becomes what do you do when user login with facebook then the next day using gmail that's when it gets tricky and you have to implement some mechanism for those accounts to be linked.