Use Facebook authentication token in API

2019-07-06 04:22发布

问题:

I'm having an iOS app where the user authenticates with Facebook on the device and also communicating with my server API.

Authentication

Today I'm sending the Facebook user access token (over SSL) and the server verifies the token with Facebook. Thats the authentication mechanism for the API.

Session token

Instead of using a generated token to user for all future API calls, I use the Facebook access token as the session token as well. This makes it a lot easier on the device as you don't have to care about first getting the token and then call the API. You just send the Facebook token in each call, easy.

Is this a good solution when authenticating with Facebook towards an API?