I'm developing an application for Facebook using the iframe mode and ASP.NET.

I'm able to use the new OAuth method that combines the allow and the extended permissions. When I click on the Allow everything works as expected, but when I click on the "Don't Allow" I get a 500 internal error. The Request For Permission url is:

http://www.facebook.com/connect/uiserver.php?client_id=389845102120&scope=publish_stream%2Cuser_birthday%2Cemail&redirect_uri=http%3A%2F%2Fapps.facebook.com%2Fplumreward%2FDefault.aspx%3Fpid%3D124733857540930&display=page&next=http%3A%2F%2Fgraph.facebook.com%2Foauth%2Fauthorize_success%3Fclient_id%3D389845102120%26scope%3Dpublish_stream%252Cuser_birthday%252Cemail%26redirect_uri%3Dhttp%253A%252F%252Fapps.facebook.com%252Fplumreward%252FDefault.aspx%253Fpid%253D124733857540930%26type%3Dweb_server&cancel_url=http%3A%2F%2Fgraph.facebook.com%2Foauth%2Fauthorize_cancel%3Fclient_id%3D389845102120%26scope%3Dpublish_stream%252Cuser_birthday%252Cemail%26redirect_uri%3Dhttp%253A%252F%252Fapps.facebook.com%252Fplumreward%252FDefault.aspx%253Fpid%253D124733857540930%26type%3Dweb_server&app_id=389845102120&method=permissions.request&return_session=1&perms=publish_stream%2Cuser_birthday%2Cemail

When I click don't allow it goes to http://www.facebook.com/connect/uiserver.php and then to

http://graph.facebook.com/oauth/authorize_success?client_id=389845102120&scope=publish_stream%2Cuser_birthday%2Cemail&redirect_uri=http%3A%2F%2Fapps.facebook.com%2Fplumreward%2FDefault.aspx%3Fpid%3D124733857540930&type=web_server&perms&selected_profiles=567961887

with a HTTP 500 Internal Server Error.

What am I doing wrong? Am I missing a setting, parameter? Is this a FB bug?