How to authenticate the user and restrict a Facebook app for just posting from server side?
I'm creating a game for iOS (and maybe Android) in Flash (with Adobe AIR) and I'm trying to integrate Facebook. I've read lots of similar questions but I still can't get a clear answer. With my app:
Users will be able to login using Facebook at client side. (done this, using facebook-actionscript-api)
Users, however, should NOT be able to post anything server side, to avoid abuse (such as 'I made 9999999 points' posts).
I have a server (ASP.NET 4.0) and my server should be able to post on behalf of the player. (such as 'I made 1234 points', after a validity checking)
How can I validate my Facebook user at server side, restrict user from publishing using my App at client side, and let my server publish posts for that user?
Is there any option to grant the publish rights just to the server? Would Facebook's server whitelist work? But how would I then make API calls for user from client side (or should I move all the logic to server side after getting a token?
I say the best option is to assign a token for user and do the job server side.