We're excited to announce that we've simplified the application authorization flow for desktop applications. The new authorization flow uses Facebook Connect and we recommend you use this system moving forward.
We made a few notable changes to the desktop authorization process. They include:
No redirecting the user to a browser. Other than the Facebook Connect login and permission dialogs, you don't need to redirect a user to a browser to log in to your desktop application and grant extended permissions.
Easier prompting for permissions. All you have to do is direct the user to a URL and prompt the user for the permissions your application requires. You can prompt for permission wherever appropriate in your application flow, or at login. A series of dialogs appears, one for each permission, and the user is free to grant them one by one.
Session data gets returned automatically. In order to keep your application secure, we recommend you use the session secret Facebook returns on authorization and use that to make API requests, and not the application secret. You no longer need to create an auth token and create a session using that token. Sessions still last 24 hours.
You can read about it on the Developer Wiki. To see it in action, download Facebook for Adobe AIR, an open source desktop application that uses Facebook Connect for authorization. Or check out the source code.
Please share your feedback in our Developer Forum.