Facebook Connect Bug? (Post-Authorise URL Being Put in Window Instead of OnLogin Callback)

Question

I have a ASP.NET web site which uses Facebook Connect for authentication - using the JavaScript API and the Facebook Connect FBML Button.

Here is the regular flow of events for a "Connect with Facebook" button click, when user isnt logged into Facebook.

1. Dialog is shown requesting user to login
2. Dialog requests permission from the user for basic info permission
3. The popup is closed
4. The callback function i supplied for "onlogin" is fired.

All good.

Now - here's what i think is a bug: the user is already authenticated to Facebook, but has not authorised my app.

This is the flow:

1. Dialog is shown requesting permission from the user for basic info permission
2. The URL for the popup changes to http://rootofmysite.com/?installed=1&token=3e3920d309
3. The user is left wondering what is going on, and the onlogin callback is NOT fired.

So, the popup window is replaced with my original site, and in the querystring is the OAuth token? This looks to be the "Post-Authorise Callback" URL which used to be in the Facebook Application Settings - but has been removed. Anyway, i dont care about this URL - i request permissions/authorization using the client-side JavaScript API, as im a sure a lot of people do.

I understand the user is already authenticated, so they wouldn't need to login again, but what i dont understand is a) why the "onlogin" event handler is not called, and b) why on earth are they replacing THEIR dialog with my site and the OAuth token in the url?

At the moment, i am trying to do a "creative workaround" where i detect this URL and close the popup and call my "onlogin" handler manually (what Facebook SHOULD be doing).

Still, quite dodgy.

EDIT

It's another bug peoples. Please vote for it so they fix it.

Answer 1

It's a (unconfirmed) bug.

http://bugs.developers.facebook.net/show_bug.cgi?id=12260

Hopefully it gets more votes so it gets fixed - vote people!

In the meantime, i am (attempting) to employ the following 'creative workaround':

1. Add logic to my Default.aspx page to detect that URL they are redirecting to in the popup.
2. Redirect to my page, FacebookInboundAuthorization.aspx, preserving querystring.
3. On load of that page, register some JavaScript to close the popup and manually fire the "onlogin" event handler for my button.

EDIT

To clarify my above, i didnt mean "vote people" as in to vote for my answer here, i meant vote for the bug on Bugzilla (so that FB accept it as an issue and fix it).