The JavaScript SDK returns a signed request object that can be used to authenticate the user to the backend (the application backend, which is). This is especially useful because the signed request object is signed with a shared secret. This allows you to verify that the Facebook identifier contained in the signed object is the actual user and not an impostor.
The same would be great for the iOS SDK. From where I stand, it looks like it uses the same /oauth dialog where you can go to
response_type=token,signed_request,code&sdk=joey.
I found the code in Facebook.m, Facebook::authorizeWithFBAppAuth [164], where the parameters for the call are configured. So I tried to add signed_request as the response type. However, I could not get it to work. Any pointers?
Here is the code I tried:
    NSMutableDictionary* params = [NSMutableDictionary dictionaryWithObjectsAndKeys:
        _appId, @"client_id",
        @"user_agent", @"type",
        kRedirectURL, @"redirect_uri",
        @"touch", @"display",
        @"token,signed_request,code", @"response_type",
        kSDK, @"sdk",
        nil];