The most obvious change is the abandonment of the getSession method. I have also found out that getLoginURL has been changed.
'req_perms' has been changed to 'scope'
'next' has been changed to 'redirect_uri'
'cancel_url' option has been removed. You'll have to find another way. If the user denies access it will be redirected to 'redirect_uri'. The user will also be redirected to 'redirect_uri' if he clicks allow.
You can know if the user denied access by looking at these GET parameters:
[error_reason] => user_denied [error] => access_denied [error_description] => The user denied your request.Also worth knowing is that redirect_uri will not work every time on a single page load (without refreshing the page).
Explanation:
The first time the users sees the oauth dialog there will be two options: Allow and Deny. Both buttons will redirect to 'redirect_uri'.
The second time the user sees the oauth dialog, Deny option will be renamed to 'Leave app'. 'redirect_uri' will still work.
The third time and so on, the button 'Leave app' will redirect to facebook.com/home.php
While this may not be entirely precise, it is true that eventually the Deny/Leave app button will not follow the redirect_uri parameter.