[MonoTouch] Security architecture guidance - Facebook Oauth and Rest services

bustergonad gonad2006 at hotmail.co.uk
Sun Feb 19 13:55:24 UTC 2012

I've been doing a fair bit of reading up around the above.  To the point now
where I'm now a bit overwhelmed on how best to go about implementing
security between my MT iPhone application and rest services.  My application
will use Facebook to authenticate the user and allow Facebook updates.  The
application will also use some Rest services that I want to secure using the
Facebook Oauth token.

Basically the flow goes something like this:

User -> Mobile App -> Facebook (gains access token)
Mobile App -> Rest Service (passing access token)
Rest Service -> Facebook (checks access token to get user id)
Rest Service -> Authorises access and does stuff

So far, I've built some Rest services (using ASP.NET MVC 3) that use Oauth
to secure them using the scenario based Oauth sample included with Web Api
Preview (http://wcf.codeplex.com/releases/view/73399 - which is now included
in ASP.NET MVC 4 beta http://www.asp.net/web-api).

So I was going to go about using a WebView control on the iPhone to log into
Facebook and pass the access token to my Rest services.  Then this morning I
discovered (thanks to this forum) the Mono MonoTouch Bindings library
(https://github.com/mono/monotouch-bindings) which has a Facebook api - so
now thinking if I should be using this instead, if it's suitable.

Also keen to hear if I'm going about what I want to achieve in the right
way, and if anyone else has needed to do the this using MonoTouch!


View this message in context: http://monotouch.2284126.n4.nabble.com/Security-architecture-guidance-Facebook-Oauth-and-Rest-services-tp4401695p4401695.html
Sent from the MonoTouch mailing list archive at Nabble.com.

More information about the MonoTouch mailing list