See this question for a similar discussion (for Facebook login only). Here is a brief overview of what should happen (taken from the discussion I am involved with):
- The user opens the application on the phone and selects a service for authentication.
- The user authenticates through one of the available services (Facebook, Twitter, foursquare, etc.) and receives a special access token.
- Your application accepts the token and sends it to your server.
- The server receives the token and checks it. It checks it against the service's API and (at least for Facebook and Twitter) gets the corresponding user ID.
- Assuming a valid user ID, your server checks whether it already has that user. If so, it logs them in. If the user has not been created yet, your server creates its own user record associated with this user ID and logs the user in. In either case, the user ends up logged in and your server issues a session key to your application. The session key is used for further communication between your application and your server until the user logs out.
On the phone, you need an OAuth library so that users can authenticate with another service. You will probably want to use the Facebook iOS SDK to allow them to use Facebook, and one of the OAuth libraries suggested here for other authentication services. I only used the Facebook SDK, so I can't talk about the general OAuth libraries.
After login, the phone should not store the access token, only the session key.
Assuming that users can use several services to access their account, you will also need a way to connect the two services to the same user (possibly by email).
It is up to you how your application and your server communicate. I would use a JSON + REST API to communicate with the server.
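The server-side steps described in the answer above (check the token with the provider, find or create the user, issue a session key), as an added example that is not code from the original answer. The `AuthServer` class, its in-memory stores and the `fake_facebook_verify` stand-in are assumptions; a real verifier would call the provider's API.

```python
import hashlib
import secrets

class AuthServer:
    """Exchanges a provider access token for this server's own session key."""

    def __init__(self, verifiers):
        # verifiers: provider name -> callable(access_token) -> provider user ID or None.
        # Assumption: each callable wraps the real call to that provider's API.
        self.verifiers = verifiers
        self.identities = {}   # (provider, provider_user_id) -> local user id
        self.sessions = {}     # sha256(session key) -> local user id
        self.next_user_id = 1

    def login(self, provider, access_token):
        verify = self.verifiers.get(provider)
        if verify is None:
            raise ValueError("unsupported provider")
        # The user ID comes from the provider's answer, never from the phone.
        provider_user_id = verify(access_token)
        if provider_user_id is None:
            raise PermissionError("token rejected by provider")
        # Key on (provider, id): IDs from different providers may collide.
        key = (provider, provider_user_id)
        if key not in self.identities:  # first login: create the local record
            self.identities[key] = self.next_user_id
            self.next_user_id += 1
        session_key = secrets.token_urlsafe(32)
        # Store only a hash, so a leaked session table cannot be replayed.
        self.sessions[self._digest(session_key)] = self.identities[key]
        return session_key  # the access token itself is not kept

    def user_for(self, session_key):
        return self.sessions.get(self._digest(session_key))

    def logout(self, session_key):
        self.sessions.pop(self._digest(session_key), None)

    @staticmethod
    def _digest(session_key):
        return hashlib.sha256(session_key.encode()).hexdigest()

# Constructed stand-in for the provider check (token and ID are made up).
FAKE_TOKENS = {"fb-token-alice": "1001"}

def fake_facebook_verify(access_token):
    return FAKE_TOKENS.get(access_token)
```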