Scenario: I built a Facebook tab application that requires authorization. The application is installed on a Facebook page. When an unauthorized user accesses the application I redirect to the OAuth dialog:

http://www.facebook.com/dialog/oauth?client_id=appid&redirect_uri=http://www.facebook.com/pages/page name/pageid?sk=app_appid&scope=user_birthday,user_location&display=page

Note the "redirect_uri" is the Application on the installed Facebook page. So, if the user allows, we redirect to the tab application. This works fine!

But if the user denies access (clicks the Cancel button, using the new OAuth dialog), the user is again redirected to the tab application and again redirected to the OAuth dialog.

I have noted from the documentation that when the user denies access the browser will redirect to the "redirect_uri" with the following parameters: error=access_denied&error_description=The+user+denied+your+request.

But if Facebook is using an additional redirect to my application from the "redirect_uri": http://www.facebook.com/pages/page name/pageid?sk=app_appid

...the error response seems to be lost. Note: I can successfully capture the error parameters when setting the "redirect_uri" to the canvas url, but I need to have the redirect_uri formatted to open the application in the context of the installed Page if the user allows access.

How would I capture the error parameters in this scenario?

1 Answer

I solved this by adding a flag to the app_data parameter for the redirect_uri. When the user accesses the application initially, this flag is set. I check for an OAuth token; if one does not exist, I redirect to the OAuth dialog with a redirect_uri to the application installed on the Fan Page. The redirect_uri now includes the flag in the app_data parameter. So, after "Canceling" the application, Facebook redirects to the installed application on the Fan Page. I then check for the flag and redirect to an error page.
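
The flow described in the answer above, as an added sketch that is not part of the original post. It assumes the tab receives app_data and oauth_token inside Facebook's HMAC-SHA256 `signed_request` parameter; `APP_ID`, `APP_SECRET`, `TAB_URL`, the `oauth_attempted` flag value and all function names are hypothetical placeholders.

```python
import base64, hashlib, hmac, json
from urllib.parse import urlencode

APP_ID = "APP_ID"                                            # placeholder
APP_SECRET = b"constructed-app-secret"                       # placeholder
TAB_URL = "http://www.facebook.com/pages/PAGE_NAME/PAGE_ID"  # placeholder
FLAG = "oauth_attempted"                                     # hypothetical flag value

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def make_signed_request(payload, secret=APP_SECRET):
    """Build a constructed sample signed_request (for local testing only)."""
    body = base64.urlsafe_b64encode(json.dumps(payload).encode()).rstrip(b"=")
    sig = base64.urlsafe_b64encode(hmac.new(secret, body, hashlib.sha256).digest()).rstrip(b"=")
    return (sig + b"." + body).decode()

def parse_signed_request(signed_request, secret=APP_SECRET):
    """Return the payload dict only if the signature verifies, else None."""
    try:
        sig_b64, body = signed_request.split(".", 1)
        expected = hmac.new(secret, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_b64d(sig_b64), expected):
            return None
        data = json.loads(_b64d(body))
    except (ValueError, TypeError, AttributeError):
        return None
    if not isinstance(data, dict) or str(data.get("algorithm", "")).upper() != "HMAC-SHA256":
        return None
    return data

def oauth_dialog_url():
    # redirect_uri has its own query string, so it is percent-encoded as one value;
    # otherwise its "&app_data=..." would be read as a parameter of the dialog URL.
    redirect_uri = TAB_URL + "?" + urlencode({"sk": "app_" + APP_ID, "app_data": FLAG})
    return "http://www.facebook.com/dialog/oauth?" + urlencode({
        "client_id": APP_ID, "redirect_uri": redirect_uri,
        "scope": "user_birthday,user_location", "display": "page"})

def handle_tab_request(signed_request):
    data = parse_signed_request(signed_request)
    if data is None:
        return ("reject", None)             # unsigned or tampered request
    if data.get("oauth_token"):
        return ("render_app", None)         # user has authorized the app
    if data.get("app_data") == FLAG:
        return ("error_page", None)         # returned from the dialog without a token
    return ("redirect", oauth_dialog_url()) # first visit: send to the OAuth dialog
```

Anyone can put the same app_data value in a link to the tab, so the flag should only select which page to show; access decisions should depend on the verified oauth_token.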