OK, here is my pragmatic solution to the same problem.
You authenticate iOSApp with facebook . This gives you access_token and you can get the facebook user id ( fb_id ) from facebook .
Now you want to use this authentication to authenticate the request for some service related to iOSApp (yourService).
Send fb_id and access_token with a reliable request to your service (for example, using https).
yourService then uses fb_id and access_token to make an arbitrary call to the social graph, for example:
https://graph.facebook.com/ fb_id ? field = name & access_token = access_token
This call will return a corresponding error if the access_token is invalid or does not match fb_id , so yourService can now execute or reject the request based on the return value.
yourService and iOSApp can read or change the FB schedule in accordance with the permissions and access_token status, but above all this you need if you just want to authenticate the user using your service when they have already authenticated using iOSApp.
There may be some problems with the FB policy regarding access_token transfer, but as long as you use https for transfer, it is as secure as the exchange between iOSApp and Facebook.