You won’t be able to access the part after the ‘#’ character as the browser doesn’t send it to the server. You can use it on the client side with javascript though.

It seems that you’re trying to use the javascript based authentication which is not what you really want.

I didn’t have any problems using this oauth2 library. Then you only need to check for params[:code] within your callback action.

UPDATE:

This is a simplified version of the code I used in my experiments with the new facebook graph API:

# Accessible as facebook_url:
# routes.rb: map.facebook '/facebook', :controller => 'facebook', :action => 'index'
def index
  oauth2 = OAuth2::Client.new(FB_API_KEY, FB_API_SECRET, :site => 'https://graph.facebook.com')

  if current_user.facebook_token
    # The user is already authenticated
    fb = OAuth2::AccessToken.new(oauth2, current_user.facebook_sid)
    result = JSON.parse(fb.get('/me'))
  elsif params[:code]
    # Here we get the access token from facebook
    fb = oauth2.web_server.get_access_token(params[:code], :redirect_uri => facebook_url)
    result = JSON.parse(fb.get('/me'))
    current_user.facebook_id = result["id"]
    current_user.facebook_token = fb.token.to_s
    current_user.save
  else
    # The user is visiting this page for the first time. We redirect him to facebook
    redirect_to oauth2.web_server.authorize_url(:redirect_uri => facebook_url, :scope => 'read_stream,publish_stream,offline_access')
  end
end

You don’t really need anything else for it to work.