So I guess this question is sort of two folds
What should I store when granted Facebook OAuth rights into my User Domain Entity (facebook userid? or token? or both or something else)
Can I just generally secure the ASP.NET Web API with a DelegatingHandler to read for the access token?
Currently my core architecture is as follows:
- MyApp.Domain : My domain models in a Class Library Project
- MyApp.DataAccess: My Repositories and Entity Framework Contexts
- MyApp.WebAPI : ASP.NET Web API Project for a RESTful Service
My Clients are
- MyApp.Website: ASP.NET MVC 4 Website
- MyApp.iPhoneApp - Native iOS App for the iPhone
- MyApp.AndroidApp - Native Android App
