I have been wrestling with Web Services, Authentication and OAuth. I'd like to explain everything as I see it, and ask for any comments.

Let's say... we would like authentication of the web services to be approved using either username/password or Facebook Connect "Login with Facebook".

However, if the user logs into our site using Facebook, we don't want to validate each access of the web services with Facebook.

So, after validating user/pass... or confirming a valid Facebook account, we must manage our own authorisation for the site.

Being a RESTful service, we will have to manage this with some sort of token, no? So, either using cookie-based authentication, or using our own OAuth authentication.

1. Am I correct?
2. Am I likely to encounter any problems with this method?


Thanks for your input.
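
The flow described above, as an added example that is not part of the original post: the password or Facebook check happens once, after which the service issues its own signed, expiring token and verifies it locally on every request. The function names, claim names, secret and lifetime are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret"  # assumption: per-deployment key kept server-side
TTL_SECONDS = 900                    # assumption: 15-minute token lifetime


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(payload: str) -> str:
    return _b64(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())


def issue_token(user_id, method, now=None):
    """Call once, only after the password check or the Facebook login succeeded."""
    now = int(time.time()) if now is None else now
    claims = {"sub": user_id, "amr": method, "exp": now + TTL_SECONDS}
    payload = _b64(json.dumps(claims, separators=(",", ":")).encode())
    return payload + "." + _sign(payload)


def verify_token(token, now=None):
    """Return the claims, or None. Needs no call to Facebook or the user store."""
    now = int(time.time()) if now is None else now
    try:
        payload, sig = token.split(".")
        # Constant-time comparison; the signature is checked before parsing.
        if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
            return None
        claims = json.loads(_unb64(payload))
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: wrong part count, bad base64 or JSON
    if claims.get("exp", 0) <= now:
        return None  # expired: the client must authenticate again
    return claims
```

A purely signed token like this cannot be revoked before it expires, so logout or account lockout needs either a short lifetime or a server-side deny list. Whether it travels in a cookie or an `Authorization` header, it is a bearer credential and should only be sent over TLS.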