Approaching authentication with Facebook and own API

Discussion in 'iOS Programming' started by Elvar, Sep 23, 2014.

  1. Elvar macrumors newbie

    Joined:
    Sep 23, 2014
    #1
    Hello guys,

    I've started working on my first iPhone app, using the new language Swift, and I must admit it is a great experience so far.
    My programming background has been mainly web for the past many years, so I have some architectural questions I hope you can help me with.

    The app is going to use Facebook Connect in order to register users, which is required in order to use the application; so whenever a user registers, I am going to take whatever information I get from Facebook and save it in my API. My API will, upon registration, return an access token, which the app will send along with further requests. The expiry date of this token will be bumped each time the user makes a request.

    My questions..

    What is the typical pattern for saving the user in the app, once authenticated? In Rails, for example, you would create a current_user method, which fetches the user data and returns a user object. Basically I would like to have access to the current user globally; how would I correctly achieve this?

    If the user's token expires, how would I go about re-authenticating the user? Would I use Facebook Connect again, and maybe do something like a find-by-Facebook-id in my API?

    Thank you.
     
  2. D.T. macrumors 604

    D.T.

    Joined:
    Sep 15, 2011
    Location:
    Vilano Beach, FL
    #2
    It sounds like you’ve got the general idea down. One of my apps - that, BTW, uses Rails for the API - has this sort of authentication flow:

    Client (native iOS or web) requests auth from API
    API contacts appropriate service (FB or Twitter)
    Auth occurs (either via the passed creds or a web based login)
    Service routes back to API passing Auth Token
    API stores auth, generates internal token, passes to client

    Then all subsequent requests to the API are done via the internal auth token.

    The token from the social auth source is used to fetch the profile data like the avatar and username/id, which is used to validate against users, so you can de/re-authenticate, but you retain your unique internal user record.

    So if a user calls the save-comment method, it sends a POST to the API with the token in the header; the API validates the token, fetches the internal ID, and saves the comment.

    FYI, I’m using OmniAuth, which automates a good chunk of this and generates the required models (like tokens, profiles, users).
     
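    The flow in the reply above (provider identifies the person, the API keeps its own user record and issues its own bearer token, each request carries that token, the expiry slides forward on use, and re-authenticating through the provider lands on the same internal user) as a runnable Ruby sketch. This is an added example, not the poster's code and not OmniAuth; the class and method names are assumptions, and plain Hashes stand in for the Rails models so it runs without a database.

```ruby
require "securerandom"
require "digest"
require "time"

# Minimal in-memory model of the API side of the flow. The social provider
# only proves who the person is; the API owns the user record and the token.
# Added illustration: class/method names are assumed, storage is Hashes.
class AuthService
  TOKEN_TTL = 30 * 60  # seconds of inactivity before an internal token expires

  AuthError = Class.new(StandardError)

  def initialize
    @users    = {}   # "facebook:1234" => { id: 1, name: "..." }
    @tokens   = {}   # SHA-256(token) => { user_id: 1, expires_at: Time }
    @comments = []
    @next_id  = 1
  end

  # "API stores auth, generates internal token": called after the provider
  # callback has handed us a verified profile. Find-or-create the internal
  # user by provider+uid, so re-authenticating later hits the same record.
  # The raw token is returned exactly once; only its digest is stored, so a
  # leaked sessions table cannot be replayed against the API.
  def login_with_provider(provider:, uid:, name:, now: Time.now)
    key   = "#{provider}:#{uid}"
    user  = @users[key] ||= { id: next_id!, name: name }
    token = SecureRandom.hex(32)                       # 256 bits of entropy
    @tokens[digest(token)] = { user_id: user[:id], expires_at: now + TOKEN_TTL }
    token
  end

  # "API validates the token, fetches the internal ID": resolves the
  # Authorization header to an internal user. Lookup is by digest, so no
  # string comparison against stored secrets happens at all. Each successful
  # call pushes the expiry forward (the sliding expiry the question describes).
  def authenticate(headers, now: Time.now)
    scheme, token = headers["Authorization"].to_s.split(" ", 2)
    raise AuthError, "missing bearer token" unless scheme == "Bearer" && token
    record = @tokens[digest(token)]
    raise AuthError, "unknown token" unless record
    if record[:expires_at] <= now
      @tokens.delete(digest(token))   # remove it so an expired token cannot be revived
      raise AuthError, "token expired"
    end
    record[:expires_at] = now + TOKEN_TTL
    @users.values.find { |u| u[:id] == record[:user_id] }
  end

  # The save-comment endpoint from the reply: the comment is attached to the
  # internal user id derived from the token, never to a user id the client sends.
  def save_comment(headers, body, now: Time.now)
    user    = authenticate(headers, now: now)
    comment = { id: next_id!, user_id: user[:id], body: body }
    @comments << comment
    comment
  end

  def comments_for(user_id)
    @comments.select { |c| c[:user_id] == user_id }
  end

  private

  def digest(token)
    Digest::SHA256.hexdigest(token)
  end

  def next_id!
    id = @next_id
    @next_id += 1
    id
  end
end

if __FILE__ == $PROGRAM_NAME
  svc   = AuthService.new
  token = svc.login_with_provider(provider: "facebook", uid: "1234", name: "Elvar")
  comment = svc.save_comment({ "Authorization" => "Bearer #{token}" }, "first post")
  puts "comment #{comment[:id]} saved for internal user #{comment[:user_id]}"
end
```

    When the token has expired the client gets an AuthError and simply repeats the provider login; because the user record is keyed on provider+uid, that login returns a fresh internal token bound to the existing user rather than creating a duplicate.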