2

I'm studying how to develop an iOS app and I need to figure out how should I structure it.

Architecture:

I've an external database, a REST api (as interface between the database and the app), and the iOS app.

The question:

I'd like users to authenticate by a simple form or by a Facebook login button but in each case a table 'user' in the database has to be filled with default fields like name, surname, email, profile picture, password(?).

For the standard authentication there are no problem, but for Facebook authentication I'm quite confused about theory:

  • Should I use access token? How?
  • When a user get authenticated with Facebook I haven't his password, so how can I get his informations from the database? In the standard way I would give to the database username and password and it would return for example the id field.

Sorry for my english.

cventr
  • 186
  • 1
  • 12

2 Answers2

2

You can use the access token of current logged in user

[FBSDKAccessToken currentAccessToken]

and send it to your REST api. From there you can retrieve every information you need and save it to your database (except user's password of course). If a user sign in for first time in your app insert a new user in your database and save user's Facebook User ID.

The whole idea of using authenticate and authorization is not to have access to user's password of another app, but the user authorize (confirm) your app to have access in his/her account with specific permissions.

Here is a step-by-step answer of what you need: Design for Facebook authentication in an iOS app that also accesses a secured web service

Community
  • 1
  • 1
euthimis87
  • 1,134
  • 1
  • 11
  • 18
  • Great! Just what I was looking for. Thank you! – cventr Sep 02 '15 at 08:46
  • Since my answer was helpful for you, could you accept it? – euthimis87 Sep 02 '15 at 12:23
  • Just another question: the login in the app returns the access token, so there, IN THE APP, I'm already able to retrieve users informations. Instead you said that I should send the access token to the REST API, and retrieve the informations from there. Could you please explain me why should I get informations from the rest api and not from the app? – cventr Sep 02 '15 at 14:53
  • Well it's not obligatory to do this. You can retrieve the information from your app also. The difference between them is slight. – euthimis87 Sep 06 '15 at 15:40
  • If you retrieve the information from your REST API, you can maintain and handle the connection between your app and fb easily. For example, if the permissions change for the user you can update your code in your backend quickly instead of update your code in app and so you need to update it also in appstore. Another thing is that if you have a choice for a user to login with other api, then in your backend code you can check if that user had also another account with another api, and so don't need to create a second user in your db. – euthimis87 Sep 06 '15 at 15:41
0

You need to save the currentAccessToken that the login request returns to you.

Then, using Facebook's Graph API, the userID that was returned in the login request, and the user access token, you can request a user object, which has the email address, assuming you added the email permission in the login request.

Also use the Graphi API to retrieve the user's photo using the userID that was returned in the login request:

50x50 pixels

<img src="//graph.facebook.com/{{fid}}/picture">

200 pixels width

<img src="//graph.facebook.com/{{fid}}/picture?type=large">
Marcus Adams
  • 53,009
  • 9
  • 91
  • 143