use facebook iOS client authorization on own to server

Question

I am using facebook SSO in my iOS app and that works alright. Now I would like to use that information - the user being verified against facebook with his uid - on my server backend. But how can I - securely - pass this information to the server?

My guess is that I'd need to send the uid and probably the authToken I got from facebook to my server? Could someone outline a general approach to that?

Even though it shouldn't really matter for my question, my server is running rails and devise for authentication. I also have facebook login working there separately, but I want to use the already done authentication from the client on the server. Confusing...

Answer 1

I came across this post which helped me understand the problem and solution.

Correct me if you see any issues.

The idea is to pass the auth token to the rails app. The auth token only works if both apps use the same app secret.

So the flow is like this:

1. iOS authenticate. Take the user's Facebook auth token and send to rails app.
2. Rails app takes auth token, posts it to graph.facebook.com/?auth_token=XXX. Response should be a json object of the user.
3. Take the user object response to find the UID and match it with a user in your database. If UID doesn't exist, create a new user and set the new UID.