How to secure web service methods using tokenization for Facebook logins?

In my application, each user will have his/her own login credentials by signing up. To secure their personal informations, we are using tokenization method. ie, while login after giving username and password, we'll create a dynamic token for that user. Using that token we'll fetch the user's details from the server though out the application.

But, for Facebook login(iOS 6.0 sdk), we just have the username(email address) we can't get any passwords from the user. If we provide a token for a user by just passing the email address to the web method means, it won't be a secured one. What to do with this situation?

Answers


We can use the User Access Token which will be received from Facebook once the User gave the permissions to the application.


Need Your Help

How to set title and publish content created by the transmogrifier folders section?

plone data-migration transmogrifier

I'm using collective.transmogrifier.sections.folders pipeline section to create parent folders of content I'm importing into Plone.

Alternative to HttpUtility for .NET 3.5 SP1 client framework?

.net deployment .net-3.5 .net-client-profile

It'd be really nice to target my Windows Forms app to the .NET 3.5 SP1 client framework. But, right now I'm using the HttpUtility.HtmlDecode and HttpUtility.UrlDecode functions, and the MSDN