Business Login has two aspects, depending on role:
Business Login has a different UI flow than traditional Facebook Login for granting access to pages and business permissions. It surfaces permissions and pages to give users visibility into what they are sharing with developers.
The entry and exit points of the new Business Login do not differ from the existing login.
Currently, the request needs to contain at least one permission from List A, and cannot contain any from List B. The request must be made from www (currently not supported for mobile):
Through Facebook Login, Facebook gets a log of users going through the flow.
Currently, we do not send back a Page access token. User access tokens have expirations but can be renewed indefinitely.
Consumer permissions will expire after 90 days of inactivity.
You can test to see whether data access has expired by using the Debug Token endpoint:https://developers.facebook.com/docs/graph-api/reference/v3.2/debug_token
Businesses can revoke permissions previously granted to a developer through the Business Integrations settings on Facebook.
If the user cancels the flow, the developer gets a cancel event. If the user completes the flow without granting all permissions, the developer gets access token for granted permissions (using the access token, you can query what permissions were granted).