I'm writing an Android app that uses a JSON web service and I'd like to use Facebook for the authentication.
What I'm not sure about is how to secure the web service.
Should I use the authentication token returned from the Facebook login as the password to the web service?
I'm not sure where the token is stored and how to retrieve it. Also, how could I update the web service with the new token when it expires?
I'm considering just using an API key, but that would mean someone could abuse the web service if they decompiled the APK and got the API key out.
Any suggestions are welcome.
I'm using PhoneGap so I guess there is the option of using cookies but I don't know exactly how.
There are two approaches that have been discussed here on Stack Overflow:
1. How do I authenticate with my own site's API when using Facebook Connect for logins/account creation?
2. Facebook Connect to authenticate on a personal API
See if they work for you.