Let me explain how this sort of FB login works. There is of course the alternate method used for desktop applications, which would make it possible, but this website doesn’t use it.

So heres the deal:

The login button opens a link on facebook servers containing the api key of the website and some arbitrary information. So far so good. You could simulate that easily.

Then after accepting the privacy stuff you get redirected back to the website. You can simulate that as well.

But then comes the burden:

The location you get redirected to contains an facebook token after the hashtag (#).

The website can then read this token by Javascript and use it to query the facebook api to confirm your dientity.

The reason why this is done that way is easy:

Think about it. Everyone could fake a request in the name of the website and read your private data. But everything after the hashtag is never readable by the server the request is directed to. The web browser just does not pass it and it would be violating http standards and cause an error.

The only way to access it is by javascript. And this can only be by the website serving the request (where facebook redirects to). And the domain where facebook redirects to is locked by the application key owner.

You see javascript is an essential part of the security here.

I think it is very insecure indeed because there are many possible explits, but its very easy which is a reason why this form of login is spreading so much in comparision to e.g. openid.

So to sum it up: You need simulate a fully javascript enabled browser. It is partly possible but very complex and there are no out of the box solutions for that.