iPhone - server side validation



I followed the tutorial to use reverse auth on io6

However, it requires me to store the secret key (encrypted or not - in any way it is not secured) on the device.

This really bothers me.

I do have API code in Java so if needed I can make a server call.

What should be the flow in this case? Where in the example TWReverseAuth example I should use BE to retrieve the token and from that on the iPhone app?