As you all know recent changes in privacy issues made Facebook to change their basic API and added some security concerns. From my best practise, most of the old applications are safe, but you will be in trouble when you create new application. By default you cannot access user’s photos, profile pictures , albums etc. If you continue with old REST API, you may face this problem. You will get an empty array or json string when you call photos.getAlbums function.
If you test these functions from Facebook Console Tool:
It returns real value when you select old applications and returns empty string  if you select your newly created Facebook app.
To get all those support, you need to use new Graph API
But if you follow the same steps mentioned in that official document, you will still get this empty string problem. Because, in the basic authentication call, there is no permission type is mentioned. You can only see a basic message with Allow or Deny button.
According to that document, as the part of authentication, you need to call this url with your client id and redirect url and it returns an access_token after a #
You need to use this access_token to request all other functions, eg:
This call will work for most of the requests except photos or albums. So the mistake in these calls are the permission.
Here is the correction:
Here we pass perms parameter to set different permission and if you use the access_token after this request , you can access user photos and albums. You can see another permission popup with album and photo access.
Here is the list of such extended permissions in Facebook.
If you use new Facebook PHP Graph SDK , you cannot get these problems, but there is still another hidden problem if you continue testing code by the example provided by them.
It is my next POST . See you at there