If your iPhone app incorporates the Facebook Connect for iPhone library, one of the first things you will do is instantiate an FBSession object. Developers are given two choices for this according to the wiki:
session = [FBSession sessionForApplication:myApiKey secret:myAppSecret delegate:self];
session = [FBSession sessionForApplication:myApiKey getSessionProxy:myURL delegate:self];
The first option is quick to implement, and an OK option for initial testing. However, it is inherently insecure as it requires you to release your Facebook application’s secret key embedded in your code.
Unfortunately, implementing the second option isn’t straightforward. Read the rest of this entry »