问题描述:

I' m trying to authorize my app using OAuth 2.0 for Canvas. When the user first goes to app by typing http://apps.facebook.com/xxxx it hits my canvas page url and it redirects the user by following code

top.location.href = "https://graph.facebook.com/oauth/authorize?client_id=app_id&redirect_uri=http://apps.facebook.com/xxxx/&display=page&type=user_agent&scope=user_photos,user_likes";

In http://developers.facebook.com/docs/authentication/javascript it says that

Note: If the user does not authorize your application, Facebook redirects the user to the redirect URI you specified, and adds the error_reason parameter to the URI fragment.

But when the user comes to the authorization page there is two options: "Allow" and "Leave App" and if the user clicks the "Leave App" it is not hitting the uri specified at above by "redirect_uri" parameter and redirects the user to his profile page so I can' t understand if the user clicked "Leave App" button. In my previous experiments when the user came the authorization page there were two options which are "Allow" and "Don' t allow" and I could be able to understand if the user clicked the "Don't Allow" button because it was redirecting the user to the specified "redirect_uri" with the "error_reason" parameter(if the user clicked the "Don't Allow" button) mentioned above note.

I tried to authorize a few apps made by other developers and some showed the "Don' t Allow" option while some other was showing "Leave App".

My question is how can I determine if the second option at the authorization page will be "Don' t Allow" or "Leave App"

网友答案:

That documentation seems out of date. You need to have a cancel_url parameter when you request for permission.

相关阅读:
Top