I am developing iPhone app that let user login using their facebook account using FBConnect SDK. The app talks to rails backend server for data retrieval. Because I do not want to make users create account, I want to let users log in to the rails backend server using their facebook account. Is using access key and secret of FBConnect as user name and password on rails server right way to do this?
You should use the user's Facebook id to uniquely identify them (i.e., as their username). Then have the app send that and their Facebook token to authenticate them. You can authenticate that the token is actually valid by passing it to Facebook and asking it to verify the token.