We've been using the the java-facebook library for quite some time (a few years), though it appears one reason we're not getting any new users through FB, is that new users are seeing an error, which I understand is because of FB's new (in June) security.
Currently, we have a "simple" Canvas FB app, using FBML, which users can access via:
http://apps.facebook.com/$MYAPP
The Canvas URL is returning:
http://www.facebook.com/connect/uiserver.php?app_id=$APPID&next=http%3A%2F%2Fapps.facebook.com%2F$MYAPP&display=page&locale=en_US&return_session=0&fbconnect=0&canvas=1&legacy_return=1&method=permissions.request
This URL, for new users (who have not previously authorized our app) comes back with:
API Error Code: 100
API Error Description: Invalid parameter
Error Message: next is not owned by the application.
Existing users (who had enabled the app prior to June) are able to access it without any problems.
Our site URL is specified as:
http://apps.facebook.com/$MYAPP
This error appears to imply that the site URL and the next URL need to be on the same domain, and not on facebook.
I've been able to change the Site URL to be:
http://www.OURREALAPP.com/
And, the domain to be:
OURREALAPP.com
And then, was able to change the Canvas URL to return:
https://graph.facebook.com/oauth/authorize?client_id=$CLIENT_ID&redirect_uri=http%3A%2F%2Fwww.OURREALAPP.com%2F$URL%2F
This works great, the first time. It prompts for permission, and displays the correct data. However, if we access it a second time, it doesn't show it in a "Facebook frame", ie, it sends the user directly to the application.
I've also tried modifying the redirect_uri to go to apps.facebook.com/$MYAPP ... but this gives us an error about not owning the URL.
What do we need to do? Any ideas?
Thanks!