Ok, in my continuing quest to get OAuth working with the Facebook API and ColdFusion I learned another lesson. CFLOCATION or redirection via CFHEADER is not liked by the Facebook API, seems HTTP Status Code 301 or 302 cause you to land on a page with a Facebook Logo on it and then you need to click the logo to end up on the page where a user can authorize your application. I changed the CFLOCATION to a JavaScript top.location.href, all of a sudden the magic started happening the way I wanted it.
Next on the list, OAuth error handling in case a user has de-authorized your application, their access token has expired, the user has logged out or a couple of other cases. In any of these cases simply re-direct to the authorization page.
