auth.rb

class Auth

  attr_reader :params

  def initialize(koala = nil)
    @koala = koala
    @koala ||= Koala::Facebook::OAuth.new(APP_ID, APP_SECRET, SITE_URL[Rails.env.to_sym])
  end

  def parse_signed_request(signed_request)
    @params = @koala.parse_signed_request(signed_request)
  end

  def user_authenticated?
    @params["user_id"]
  end

  def url
    @koala.url_for_oauth_code(:permissions=>"publish_stream,user_likes,email,user_photos")
  end

  def access_token(code)
    @koala.get_access_token(code)
  end

end

constants.rb

# config/initializers/contants.rb

APP_ID= 'XXXXX'
APP_SECRET= 'XXXXXX'
SITE_URL = {}
SITE_URL[:development] = "http://localhost:3000"
SITE_URL[:production] = 'http://apps.facebook.com/XXXXXXX/'

home_controller.rb

class HomeController < ApplicationController 

def get_token

  auth = Auth.new

  if params[:signed_request]
    session[:signed_request] = auth.parse_signed_request(params[:signed_request])

    if auth.user_authenticated?
      access_token = auth.params["oauth_token"]
      session[:access_token] = access_token
   
      fb_id = auth.params["user_id"]
      @user = User.find_or_create_by_fb_id(fb_id)
      @user.set_data_from_fb access_token
      session[:signed_request] = auth.parse_signed_request(params[:signed_request])
      @oauth_token = session[:signed_request]["oauth_token"]

    elsif user_declined?
      redirect_to declined_path
    else
      javascript_redirect_to auth.url
    end
  end
end

private

def user_declined?
  params[:error_reason]
end

def javascript_redirect_to(url)
  render :inline => "<script type=\"text/javascript\">top.location.href = \"#{url}\";</script>"
end

end