
I am confused about the general flow of Facebook and my application. When a user creates an account on our service (I'll call it MyApp) through SSO, we associate their account on MySite with their Facebook uid and access token. Then, based on their actions on MyApp, we can publish actions to their timeline and get access to their information on Facebook. When the account is created, the user can also choose a password and later sign in without using Facebook, just with email and password. By the way, there are also users whose accounts are not Facebook connected and who only can log in with email and password. That is all, I think, pretty typical.

However, we would like to have ways in the MyApp iOS client for a user to send user-to-user requests and share on others' timelines, both of which appear to require using the FBDialog API. If the user logged in with Facebook, this should work fine because we have an active session for them. However, if they are a Facebook-connected user who did not log in via Facebook, how can we open the dialog on their behalf? Is it kosher for the app to retrieve the Facebook access token we have stored for the user on our backend? If not, what other recourse is there? We can open another Facebook session then, but the user could log in as a completely different user than the one to which their MyApp account is connected, which (while not necessarily that bad) is not the desired behavior.

Thanks for your help! Sorry for the walls of text.

Tiki

0 Answers