Verifying a Facebook Connect session

I am writing an application which has multiple frontend clients using Facebook Connect as a single signon solution.

One of these clients, for example is running on the iOS platform, so all fb authentication happens on the client via the iOS Facebook SDK. After a user authenticates on the client, however, since I am using Facebook for signing in to our site, is there anyway for the server to take the auth data from the client, and开发者_如何学运维 verify it?

Using the Javascript SDK, call FB.getSession() to get a JS object with various auth-related bits. Of these, pass 'access_token', 'expires', 'secret', 'session_key', 'uid' and 'sig' along to your server.

On server-side to check if the call is authentic, concat these into a string such as "access_token=1290380d9e&expires=92d903&secret=e9cj9kd&session_key=s49i9i3f&uid=12345". So everything you just passed, EXCLUDING the sig.

To this string, concat the "app secret" which you can get from Facebook developer site. Take the MD5 hexdigest (in Python import md5;md5.new(foobar).hexdigest()) of the string and compare to see if it is the same as the 'sig' you passed.