How can you detect if a user previously authorized a tab application, without showing the user an authorization dialog? This is a user experience concern. We don’t want to throw the user at an authorization dialog without a call-to-action, but we don’t want a call to action to be shown to log the user in if the user previously authorized the app.
Here’s the scenario. A tab application is hosted on a page that has several other applications. In Facebook, the ‘Like’ button does not work at the tab level but on a page level, so a user may have liked a different application without having seen the current application. Therefore, if any ‘Like gate’ is used on the landing page of a tab application, and authorization is required to use the app, then when we log the user in the user will be immediately shown the authorization screen without a call to action, unless we can detect that the user previously authorized this application.
You could use the javascript SDK and check the login status to see if they have authorized your application. If they have, you could redirect with javascript elsewhere or make the calls you need. If they haven’t you could then show the call to action on your page. Something like:
But this will only tell if you if they are currently logged in and authenticated with your application or not. The only way you would be able to tell if this is a returning user vs a brand new user is if Facebook sent over the userId in the signed_request like ifaour mentioned (then you could call /userId/permissions with your app access token or look up in your database), but Facebook most likely won’t send the userId since your users probably aren’t authenticating with your individual tab application but a different shared application key.