How to secure web service methods using tokenization for Facebook logins?
In my application, each user will have his/her own login credentials by signing up. To secure their personal informations, we are using tokenization method. ie, while login after giving username and password, we'll create a dynamic token for that user. Using that token we'll fetch the user's details from the server though out the application.
But, for Facebook login(iOS 6.0 sdk), we just have the username(email address) we can't get any passwords from the user. If we provide a token for a user by just passing the email address to the web method means, it won't be a secured one. What to do with this situation?
We can use the User Access Token which will be received from Facebook once the User gave the permissions to the application.