See This: https://developers.facebook.com/blog/post/552/ Change in Session Redirect Behavior This week, we started adding a fragment #_=_ to the redirect_uri when this field is left blank. Please ensure that your app can handle this behavior.
Summary; https://github.com/mlavin/django-all-access https://github.com/pennersr/django-allauth https://github.com/omab/django-social-auth https://github.com/uswaretech/Django-Socialauth https://github.com/hiidef/oauth2app https://github.com/timetric/django-oauth https://github.com/daaku/django-oauth-consumer https://github.com/eldarion/django-oauth-access https://github.com/dgouldin/python-oauth2 https://github.com/henriklied/django-twitter-oauth https://launchpad.net/django-openid-auth https://www.djangopackages.com/grids/g/oauth/ http://peterhudec.github.io/authomatic/ django-all-access django-all-access is a reusable application for user registration and authentication from OAuth 1.0 and OAuth 2.0 providers such as Twitter and Facebook. The goal of this project is to make it easy to create your own workflows for authenticating with … Read more
As someone also commented, Facebook has offered alternatives. https://developers.facebook.com/docs/roadmap/completed-changes/offline-access-removal
Edit (August 14th 2012): A week ago the official Facebook PHP SDK was updated. The function name was changed to setExtendedAccessToken, and it was decided we actually needed to destroy the session afterwards, to remove the risk of having two active sessions. Also, the function no longer actually returns the token, but instead stores it … Read more
https://graph.facebook.com/app/?access_token=[user_access_token] This will return the app this token was generated for, you can compare that against your app’s id.
I figured out the answer; rather than adding additional parameters to the redirect URL, you can add a state parameter to the request to https://www.facebook.com/dialog/oauth: https://www.facebook.com/dialog/oauth ?client_id=MY_CLIENT_ID &scope=MY_SCOPE &redirect_uri=http%3A%2F%2Fwww.mysite.com%2Foauth_callback%3Ffoo%3Dbar &state=6234 That state parameter is then passed to the callback URL.