I have an application that I would like to be heavily integrated with Facebook. At the end of my project I would like to have a Facebook Canvas App, iOS App, and Android App. All will use Facebook for authentication so I'm attempting to build a Web Api in MVC that can handle that.
I started with the MVC Facebook Application Template and have incorporated Knockout.JS which makes calls to the Web Api via Ajax and returns json. The problem is that I need to access the user's Facebook token in the WebApi and I'm not sure what is the best way to go about it.
The token would be used to verify the user, check it's status, give access to user specific information in my database, and also to make calls to graph api on behalf of the user.
I don't want to have local user accounts as it seems unnecessary and I struggled to get it to work with all browsers on the Facebook canvas anyway.
I really just want to use the JavaScript Facebook authentication, grab the token, and be able to securely send it to the web api and I can't for the life of me figure out how to do it.
I know there are a ton of smart people on this site, and thank god because I'm not one of them! :)
Am I going about this the right way? What direction would you all suggest? And if the idea isn't bad, how do I best and most securely pass the facebook token to my web-api?
Any hints or tips no matter how small would be very much appreciated.
