Facebook Connect to authenticate on a personal API

I have developed a simple API to allow communication between my Android/iPhone apps and my server. In my application, users need to authenticate themselves and they do it using login/password credentials with the following API call:

http://开发者_C百科api.myapp.com/login?user=xxx&pass=pass

Application receives in return:

{ "api_token": "xxxx-xxxx-xxxx-xxxx" }

So basically I exchange my credentials against api_token.

I would like to add Facebook connect support. I have successfully used the Facebook SDK and receives the correct access_token.

However, I need to implement a mechanism to exchange access_token with api_token

Assuming the user has already connected his account with Facebook (on his web user panel), what would be the best implementation to proceed to the exchange?

Here is how I finally did it. It's working very well for more than one year, never had any problem. The idea is to exchange tokens using the following API call:

http://api.myapp.com/login/facebook?access_token=<facebook_access_token>

Server side, you verify validity of the access_token with a simple

wget -qO- https://graph.facebook.com/me?access_token=<facebook_access_token>

Which sends you back a JSON with all user information, including user's Facebook ID. Assuming the user has already connected his account to Facebook, you can lookup the user_id and send back an api_token.

http://developers.facebook.com/docs/authentication/

The best implementation will naturally depend upon your current platform. There are several Ruby on Rails gems, for example, that handle to whole Open Authentication bit for you.