Facebook authentication returns "denied" even if I click allow

Question

If I open this url:

https://www.facebook.com/dialog/oauth?client_id=298062603388&response_type=token&redirect_uri=https%3A%2F%2Fwww.facebook.com%2Fconnect%2Flogin_success.html

And click "Allow", the browser should be redirected to an URL like

https://www.facebook.com/connect/login_success.html#access_token=...

And I did see that happen, earlier. However, now what it's actually pointed to is always

https://www.facebook.com/connect/login_success.html?error_reason=user_denied&error=access_denied&error_description=The+user+denied+your+request.

So it says I clicked "Deny", even if I didn't. The page even says "Success" (though it might just be a static file, as the URL implies)

I don't think I'm doing anything wrong (I get the information from this page, at the bottom, "Desktop apps"), but it would be foolish to immediately lay the blame on a Facebook bug.

I also couldn't create new apps on Facebook right now though (I get a nondescript "Sorry" error message). Could that have something to do with it?

Answer 1

Took me a little while to figure this one out. The issue is related to the fact that you are in sandbox mode, but disabling it is not the way to fix this.

When you add a Facebook user to your app (as a tester, developer, admin, etc) they are initially given a Pending status. While the user has that pending status, they can view your Facebook app but can not grant privileges to it.

To remove the pending status, you need the person who you've granted the role to to log into their account. In their notifications you will see that they have been granted the role for the Facebook app. The user then has to click on that notification and accept it. Once accepted, the user is no longer pending and can accept Facebook privilege requests from the App.