Exactly what the title says. Is it possible to use Facebook Connect (or any other means of FB integration) in a native iPhone app without resorting to the built in login dialog (which looks awful)? Something where I could create my own custom login screen asking for the facebook login username and password and then using the fbconnect native methods to validate that info and retrieve a valid session?
When I looked into Facebook Connect, they seemed pretty stringent on their API and any mods you might want to make. Not once is there any mention on facebook.com/x of customizing the interface so I think you have to stick with what they've approved.
Which would be wonderful if the log-in dialog actually carried out basic form validation at least. You can submit the form without filling in either your email address or password. Shoddy, shoddy, UI work.
Yes and no.
Facebook uses delegated auth to have your application connect with it. Therefore, the user is intended to put their password into something "trusted" (e.g. the Facebook login page) so that your app doesn't actually see it, and only gets the key as a result. The idea is that users are thus trained to not trust other web pages/apps with their password.
Therefore, FB provides this web popup in their FBConnect library, with no other explicit way of turning a user's credentials into a session.
That said, and I'll answer your technical question since it's a legit question; you could do what you wanted by creating an offscreen UIWebView, hosting whatever the FB login URL is in that web view, and injecting Javascript into the page using stringByEvaluatingJavaScriptFromString:
. That Javascript could take the username/password, fill out the form, and submit it, without the user ever seeing it. Read the FBConnect library code to understand what URL to use, and what to do with the result of submitting the page-- you could wire that back through into the library.
Doing this is (1) fragile, since you'll have to rely on IDs and stuff that can/will change to defeat just such techniques and (2) likely violates terms of use for FB Connect and of course is (3) not great for the health of auth on the web in general, since it doesn't reinforce that users should not trust 3rd parties with their passwords.
And it should absolutely go without saying that if you go it alone and give users a better-looking auth experience, never, ever store or do anything with their credentials besides giving them to Facebook.
Don't do it. This is against policy, and your application will get shut down for it. Like quixoto suggested, this is because we do not want to train users into typing in their password in random places, and because the user has not confirmed the action as per our UX requirements. We are currently working on a redesign of these dialogs to make them prettier.