I have configured a URL for the deauthorize callback but I don't know what do you have to place inside that file and it's not being called.
How do you handle this?
How do you handle and the user acceses for the first time the app and clicks cancel, and how do you handle the removal of the app once the user has "accepted" it on its profile.
Thanks.
I know its an old question, but i had the same issue as you, and found it rather hard to solve, so here is one possible solution for others with the same problem:
Put the code below in your deauth file (it is very simple and should be adjusted, but does the job)
$signed_request = $_REQUEST['signed_request'];
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig); // Use this to make sure the signature is correct
$data = json_decode(base64_url_decode($payload), true);
$user_id = $data['user_id'];
Now you have the userid, and can do whatever you want with it.
Hope this will help :)