The Facebook Graph API, which applications use to obtain access tokens for use in requests, uses the same method for obtaining new Extended Permissions as it does for logging in—both of these actions work with the same underlying methods in the ActionScript and JavaScript SDKs, and both launch authentication pop-up windows with content from the Facebook.com website.
Transforming a login dialog request to a login-plus-permissions dialog is as simple as listing the codenames of the required Extended Permissions in an additional parameter on the login method call, and that will trigger a change in the style of the login window accordingly.
When an application requests permissions the user can only accept or deny the permissions request wholesale—they can't be selective about it.
The ideal workflow for any Facebook API request is to make sure that it succeeds first time, as the most common point of failure (besides an outright programming error on our part) is a...