The only login option in my android application is login via Facebook. I would like to use Web service (ASMX) and on each request the server must validate that the user is authenticated via facebook. I found a solution:
1) Authenticate user to Facebook from Android application
2) Get the FB auth token to the android app
3) Forward the authentication token & facebook UID from Android to web server
4) On web server, make Facebook API call with the submitted token.
If the Facebook API call from web server returns valid authentication, and the user id is equal to the one submitted by Android application, your server can trust the id (& you can be sure that the Android authentication real)
My questions are:
- Do I have to send the facebook user id and token each time when I send request to the web service? Or use a cookie (if that is possible)
- Do I have to register the web service as a facebook application? I found this: C# Facebook SDK Getting Started