Now I want to write an Android application that allows users to post to my guestbook and view / create events through my web application.
An Android client will need a method to log into your web application to send it to a secure RESTful endpoint, and OAuth is a good way to do this. Spring Security OAuth is an extension of Spring Security that allows third-party mobile or web clients to interact with your website.
After setting up the OAuth server, you can create a custom provider using Spring Social in your Android client to establish an OAuth connection to your website. In this case, your users will authenticate on your website with their local credentials. Once connected, your Android app can then send events to RESTful endpoints on your website, again using the Spring Social API user bindings.
In this case, your users are not authenticated to Facebook from the Android application. It is assumed that they have already created an account and a connection to Facebook on your website. And in fact, this is how the SpringSource Greenhouse help application works.
This brings us back to the previous part of your question:
When employees successfully authenticate with FB, they programmatically sign for my local webapp using Spring Security.
If I understand correctly, you are asking for the authorization of your Android client to access your third-party website with Facebook credentials. Although it is certainly possible, it is currently not supported through Spring Social and Spring for Android.
Another option is to consider the mobile version of your website. Thus, Android and other mobile devices can simply log in to your site, like from a normal browser, using their Facebook credentials. The user interface will be more suitable for mobile devices, and this will eliminate the additional complexity of the additional OAuth server / client configuration.
And finally, turn to the last part of your question. This is really a separate issue from the previous parts:
This example seems to manually manage OAuth authentication.
The main problem is that Spring Social does not yet support the Resource Owner Credentials (ROCG) grant. Adding this feature would simplify the process of obtaining an access token for Facebook on Android, because you would not have to deal with browser redirection. See Spring Social Issue for more details.
Due to the lack of ROCG, the Spring Android application example illustrates one method of obtaining an access token using Spring Social. In this case, this is a modified version of the client-side authentication flow. For reference, Facebook has a useful page describing all the validation methods available. The web view is redirected to the URL after successful authentication, after which the application can retrieve the access token from this URL.
SpringSource discusses how to simplify authentication and improve this part of the integration between Spring Social and Spring for Android in future releases.