My company is developing a system that works as follows:
There is an iPhone/mobile app and a PHP server that offers REST services.
In the mobile app, the user can register/log in in 2 ways:
- username/password couple
- Facebook account

While point 1 is quite clear, I am having difficulty with point number 2:
from what I understand, the sequence should be something like the following:

1 - The app sends the user data to FB, and FB, in some way that I don't care about, authenticates the user and answers with "ok, it's you".
2 - The app must now request some user data from the PHP server.

How can I authenticate the communication between the server and the app after the user has logged in with FB in the app?
I can't just ask "send me the data of the user fbid", because with a simple request that could be retrieved by anyone.
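
Added example (not part of the original post): a PHP sketch of the server side that contrasts the lookup by a client-supplied fbid, which the question rules out, with a flow where the app forwards its Facebook access token, the server has Facebook inspect it, and the server then issues its own session token. The function names, sample ids, app id and the `$inspect` stub are assumptions made for this illustration.

```php
<?php
// Constructed sample data: Facebook user id => profile held by the PHP server.
$users = ['1001' => ['name' => 'alice'], '1002' => ['name' => 'bob']];
$sessions = []; // sha256(session token) => Facebook user id

// Weak: trusts an fbid supplied by the caller, so any caller can name any user.
function profileByClaimedId(array $users, string $fbid): ?array {
    return $users[$fbid] ?? null;
}

// Hardened, step 1: the app sends the access token Facebook gave it. The server has
// Facebook inspect that token and takes the user id from the answer, never from the app.
// $inspect is a hypothetical callable wrapping that server-to-server call
// (for Facebook, the Graph API debug_token endpoint).
function login(string $accessToken, callable $inspect, string $appId, array &$sessions): ?string {
    $info = $inspect($accessToken);
    if (!is_array($info) || empty($info['is_valid']) || empty($info['user_id'])) {
        return null; // unknown, expired or revoked token
    }
    if (!hash_equals($appId, (string)($info['app_id'] ?? ''))) {
        return null; // token was issued to a different app
    }
    $session = bin2hex(random_bytes(32)); // server-issued secret for later calls
    $sessions[hash('sha256', $session)] = (string)$info['user_id'];
    return $session;
}

// Hardened, step 2: later REST calls carry only the server-issued session token.
function profileBySession(array $users, array $sessions, string $session): ?array {
    $fbid = $sessions[hash('sha256', $session)] ?? null;
    return $fbid === null ? null : ($users[$fbid] ?? null);
}

// Constructed stand-in for Facebook's reply so the example runs offline.
$inspect = function (string $token): array {
    $known = [
        'tok-alice' => ['is_valid' => true, 'app_id' => 'APP123', 'user_id' => '1001'],
        'tok-other' => ['is_valid' => true, 'app_id' => 'OTHER_APP', 'user_id' => '1002'],
    ];
    return $known[$token] ?? ['is_valid' => false];
};

var_dump(profileByClaimedId($users, '1002'));                 // weak path: no proof of identity asked
$session = login('tok-alice', $inspect, 'APP123', $sessions);
var_dump(profileBySession($users, $sessions, $session));      // lookup keyed by the session token
var_dump(login('tok-other', $inspect, 'APP123', $sessions));  // token issued to another app
var_dump(login('forged', $inspect, 'APP123', $sessions));     // token Facebook does not recognise
```

Both the access token and the session token are bearer secrets, so the REST calls carrying them need to go over TLS.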