Decrypt Facebook Access Token on iPhone for use on PHP page

I am using the newest Facebook iPhone SDK which uses the OAuth authentication, and I have it almost all working except one part. I've created a session on the iPhone, and I would like to continue that session on a php server for further processing (such as getting the high scores of a p开发者_如何转开发erson's friends). With the old iPhone SDK, all you had to do was pass the session from the iPhone application to the PHP page and you could go from there.

However, it seems like the new SDK is more security conscious and it is more difficult to continue sessions. From what I've read, it looks like I have to use an access token to continue the session on the php page. In the Facebook SDK, there is an access token variable that looks like it is encrypted. In order to use this access token I think that I need to decrypt it, somehow. I found this page which looks like it could help with decrypting that access token, but I always receive a NULL response.

I've tried so many things and I'm running out of ideas. Am I approaching this correctly? Or do I need to go a completely different route?

Thanks, Justin

The iPhone Facebook Access Token is now working for me, when using it directly to access the Graph API from our server code. I guess that the encoded iPhone access token rollout wasn't done in one seamless atomic operation.

EDIT:

Here's what happens to the iPhone token between being retrieved from QueryString to obtaining Facebook data from it:

string facebookAccessToken = Request.QueryString["code"];

//Remove any & on the end (like &expires=) as these prevent the login working
//Note that the iPhone token does not contain any & symbols
int ampersandLocation = facebookAccessToken.IndexOf( "&" );
if( ampersandLocation >= 0 )
{
    facebookAccessToken = facebookAccessToken.Substring( 0, ampersandLocation );
}

loginFacebookInfo.facebookApi = new Facebook.FacebookAPI(facebookAccessToken);

JSONObject me = loginFacebookInfo.facebookApi.Get("/me");

The FacebookAPI constructor does nothing other than store the unprocessed access token.

The final call to facebookApi.Get("/me"); is just sending a GET request to this URL:

https://graph.facebook.com/me?access_token=<iPhone access token>

and is succeeding.

Note that it's accessing via https, not http - and I'm pretty sure a http call would fail.

There's no oAUTH calls going on and no code to exchange session keys for access tokens - it's just working.

Hope that helps.

Cheers, Paul