I've been doing a fair bit of reading up around the above, to the point where I'm now a bit overwhelmed about how best to go about implementing security between my MT iPhone application and REST services. My application will use Facebook to authenticate the user and allow Facebook updates. The application will also use some REST services that I want to secure using the Facebook OAuth token.
Basically the flow goes something like this:

User -> Mobile App -> Facebook (gains access token)
Mobile App -> Rest Service (passing access token)
Rest Service -> Facebook (checks access token to get user id)
Rest Service -> Authorises access and does stuff

So far, I've built some REST services (using ASP.NET MVC 3) that use OAuth to secure them, using the scenario-based OAuth sample included with Web API Preview (http://wcf.codeplex.com/releases/view/73399 - which is now included in ASP.NET MVC 4 beta, http://www.asp.net/web-api).

So I was going to go about using a WebView control on the iPhone to log into Facebook and pass the access token to my REST services. Then this morning I discovered (thanks to this forum) the Mono MonoTouch Bindings library (https://github.com/mono/monotouch-bindings), which has a Facebook API, so now I'm wondering if I should be using this instead, if it's suitable.

I'm also keen to hear if I'm going about what I want to achieve in the right way, and if anyone else has needed to do this using MonoTouch!

Thanks

--
View this message in context: http://monotouch.2284126.n4.nabble.com/Security-architecture-guidance-Facebook-Oauth-and-Rest-services-tp4401695p4401695.html
Sent from the MonoTouch mailing list archive at Nabble.com.
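The "Rest Service -> Facebook (checks access token to get user id)" step from the flow above, as an added example that is not part of the original post: a token being valid is not enough, the service also has to confirm it was issued to its own Facebook app before trusting the user id. It assumes the service has already fetched the JSON from Facebook's Graph API `debug_token` endpoint; `FacebookTokenCheck`, `AcceptedUserId`, the app id and the sample responses are constructed for illustration.

```csharp
using System;
using System.Text.Json;

public static class FacebookTokenCheck
{
    // Assumption: placeholder app id; the real value comes from your Facebook app settings.
    const string ExpectedAppId = "000000000000000";

    // Graph API ids may arrive as JSON strings or numbers; compare them as text.
    static string? Text(JsonElement e) =>
        e.ValueKind == JsonValueKind.String ? e.GetString() :
        e.ValueKind == JsonValueKind.Number ? e.GetRawText() : null;

    // Returns the Facebook user id if the token should be trusted, otherwise null.
    public static string? AcceptedUserId(string debugTokenJson, DateTimeOffset now)
    {
        using var doc = JsonDocument.Parse(debugTokenJson);
        if (doc.RootElement.ValueKind != JsonValueKind.Object ||
            !doc.RootElement.TryGetProperty("data", out var data) ||
            data.ValueKind != JsonValueKind.Object) return null;

        // Facebook must report the token as currently valid.
        if (!data.TryGetProperty("is_valid", out var ok) || ok.ValueKind != JsonValueKind.True)
            return null;
        // The token must have been issued to this app. Without this check, a valid token
        // the user granted to an unrelated Facebook app would be accepted as proof of identity.
        if (!data.TryGetProperty("app_id", out var app) || Text(app) != ExpectedAppId)
            return null;
        // expires_at is Unix seconds, with 0 meaning no expiry; checked in addition to is_valid.
        if (data.TryGetProperty("expires_at", out var exp) && exp.ValueKind == JsonValueKind.Number &&
            exp.TryGetInt64(out var secs) && secs != 0 && secs <= now.ToUnixTimeSeconds())
            return null;

        return data.TryGetProperty("user_id", out var uid) ? Text(uid) : null;
    }

    public static void Main()
    {
        var now = DateTimeOffset.FromUnixTimeSeconds(1700000000); // fixed clock for the demo
        // Constructed sample responses, not captured from Facebook:
        // issued to this app, issued to a different app, and already expired.
        var samples = new[] {
            "{\"data\":{\"app_id\":\"000000000000000\",\"is_valid\":true,\"expires_at\":1700003600,\"user_id\":\"1234567890\"}}",
            "{\"data\":{\"app_id\":\"999999999999999\",\"is_valid\":true,\"expires_at\":1700003600,\"user_id\":\"1234567890\"}}",
            "{\"data\":{\"app_id\":\"000000000000000\",\"is_valid\":true,\"expires_at\":1699990000,\"user_id\":\"1234567890\"}}",
        };
        foreach (var s in samples)
            Console.WriteLine(AcceptedUserId(s, now) ?? "rejected");
    }
}
```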
