One of the biggest gripes that I have with working with the FBConnect iPhone SDK, and really the Facebook API, in general was having to deal with a very inefficient REST implementation. Callback after callback, protocol after protocol, major bugs (that have yet to be fixed as far as I know), and my biggest issue is the nasty user experience having to login a user. I was very excited to hear when last month Facebook announced they had came out with a new API that would allow great security, ease and flexibility. The pains of having to go through currently working functionality and refactor the code to accommodate the new features wasn't too much of a problem for me because it would mean a reduced code set on my part and I would be able to get rid of the Facebook Connect SDK. I set out to test my theories and functionality via a quick web app. No problems. Then I proceeded over to my native iPhone app. EraseUrX v2.0. The new authentication mechanism utilized in Open Graph is OAuth2.0. While many of the headaches and complexities of using OAuth are addressed and the documentation for using it in a mobile web app are well documented with Facebook they TOTALLY dropped the ball on providing any direction on using it with a native iPhone app and they don't provide an updated SDK.
I could one of three things: 1. Use the old Facebook Connect which should still work for the forseeable future, but as stated above has too many issues that I don't want to deal with and they could drop support at any moment. 2. Wait for Facebook to publish a new SDK, but how long would it take them 3. Just figure it out myself and have a flexible solution that didn't relay any third party framework. I went with option 3.
The first thing you need to do is setup your app with Facebook. Second, you will need to create a "callback" page that Facebook will send the request back to once the appropriate code and token has been given to your original request. Third, once you have gotten the access_token from Facebook then you need to put it in a DOM object. This is important so that you can retrieve it via the UIWebview's javascript string evaluation and then finally save the access_token in NSUserDefaults for any subsequent requests. In my case I wanted to get a list of the currently logged in friends. Instead of having to go through the callbacks and delegate methods associated with the FBConnect SDK I now have user's login via OAuth and I make a call to, https://graph.facebook.com/me/friends, and get a JSON response of what I need. Simple. Beautiful.
Callback Example (PHP):
Custom ViewController (I am not including setting up the uiwebview. I assume you already know how to do that):