I' m trying to authorize my app using OAuth 2.0 for Canvas. When the user first goes to app by typing http://apps.facebook.com/xxxx it hits my canvas page url and it redirects the user by following code
top.location.href = "https://graph.facebook.com/oauth/authorize?client_id=app_id&redirect_uri=http://apps.facebook.com/xxxx/&display=page&type=user_agent&scope=user_photos,user_likes";
Note: If the user does not authorize your application, Facebook redirects the user to the redirect URI you specified, and adds the error_reason parameter to the URI fragment.
But when the user comes to the authorization page there is two options: "Allow" and "Leave App" and if the user clicks the "Leave App" it is not hitting the uri specified at above by "redirect_uri" parameter and redirects the user to his profile page so I can' t understand if the user clicked "Leave App" button. In my previous experiments when the user came the authorization page there were two options which are "Allow" and "Don' t allow" and I could be able to understand if the user clicked the "Don't Allow" button because it was redirecting the user to the specified "redirect_uri" with the "error_reason" parameter(if the user clicked the "Don't Allow" button) mentioned above note.
I tried to authorize a few apps made by other developers and some showed the "Don' t Allow" option while some other was showing "Leave App".
My question is how can I determine if the second option at the authorization page will be "Don' t Allow" or "Leave App"
That documentation seems out of date. You need to have a
cancel_url parameter when you request for permission.