I am successfully using a GET request to this URL
https://www.facebook.com/logout.php?access_token=ACCESS_TOKEN&confirm=1&next=MY_APP_URL
where MY_APP_URL is of the form https://apps.facebook.com/MY_APP_NAME to force users to log out of Facebook and be redirected back to my app.
However, the UX in the browser is less than ideal. First, it looks like it redirects to MY_APP_URL, and the email / password fields appear in the upper right for about a second. Then, there’s a redirect to login.php and the full page login form appears.
Everything functions correctly with respect to the logout/login, but this 1-2 second display of a different login form is annoying.
Is there a way to streamline this so that there is only one redirect, directly to the login.php URL?
Perhaps I should use the ‘oauth/authorize’ URL as my next instead of https://apps.facebook.com/MY_APP_NAME?
The answer is to set the next parameter of logout.php (shown originally as MY_APP_URL above) to a URL on the same domain as the app.
This URL should redirect the user to the OAuth dialog (described here: https://developers.facebook.com/docs/reference/dialogs/oauth/). The redirect_uri parameter in the call to the OAuth dialog should then be MY_APP_URL as described above.
This way, you don’t get the 1-2 second display of the Facebook chrome before seeing the login page. Unfortunately, it inserts another request/response cycle into the logout/login process.
(Note: It seems like Facebook should automatically redirect a user to the login page if they request a URL of the form http://apps.facebook.com/MY_APP_NAME when they aren’t logged in. Not sure why the FB chrome should show at all.)