Kassem wroteI am assuming that when a user accepts the invitation to the facebook app it will take them to the app page itself, right?
True but that doesn't mean he added your application which would mean using "/me/apprequests" will not work! instead you should get the request id from the url (query string) and extract your data.
Kassem wroteAnd that is where I should extract the code from the data field and then all what the application page will do is to simply redirect the user to mysite.com/User/Register?code=<the extracted code>
Yes, and I assume they'll "allow" your FB application there?
XhacK wroteTrue but that doesn't mean he added your application which would mean using "/me/apprequests" will not work! instead you should get the request id from the url (query string) and extract your data
Oh you mean the request_id will be included in the query string AFTER they've accepted the invitation to my application? In that case, I should be able to get the request id and use the GET /ID/ call to check the data field. But in case they did not accept the invitation to the facebook app, the request_id will be null, right?
XhacK wroteYes, and I assume they'll "allow" your FB application there?
What does "there" refer to? I really do not care about the FB app, all it need to do is just extract the invitation code and redirect. So as long as that happens I do not give a shit whether they've allowed/accepted my FB app or not :)

More problems with Facebook: (OAuthException) (#15) The method you are calling must be called with an app secret signed session
Kassem wroteOh you mean the request_id will be included in the query string AFTER they've accepted the invitation to my application? In that case, I should be able to get the request id and use the GET /ID/ call to check the data field. But in case they did not accept the invitation to the facebook app, the request_id will be null, right?
Correct! as for the question if they didn't accept the invitation (if they click X as called by Facebook), then I have no idea what would happen, but I don't think they will be redirected to your app! maybe the request will be deleted automatically, but I haven't tried it to be honest.
Kassem wrote
XhacK wroteYes, and I assume they'll "allow" your FB application there?
What does "there" refer to? I really do not care about the FB app, all it need to do is just extract the invitation code and redirect. So as long as that happens I do not give a shit whether they've allowed/accepted my FB app or not :)

More problems with Facebook: (OAuthException) (#15) The method you are calling must be called with an app secret signed session
By "there" I mean in your website after accepting the invitation and being redirected, but if you only need to "invitation code" then never mind. :-)

About the other problem, I've answered you on stackoverflow.
8 days later
Ok so XhacK helped me sort the invitations problem out and I'm very thankful :) Now I have another issue which is outlined here: http://stackoverflow.com/questions/6071246/passing-the-signed-request-along-with-the-ajax-call-to-an-actionmethod-decorated

I think it is more of a jQuery issue now. But I'm thinking maybe I should discard the [CanvasAuthorize] attribute and try to authorize the user using the Javascript API instead. Then I believe I should send the signed_request result with the AJAX call, am I thinking right about it?