As a result of the server-side bias in the Graph API, the only way that our application gets informed of the user's extended permissions is when it specifically requested those permissions in the original request; that is, during the initial login—and not otherwise.
For example, if the user becomes authenticated automatically after initializing the Facebook SDK then our application won't be passed details of the user's permissions as, from the API's perspective, it hasn't attempted to authenticate—it's just retrieved an existing, valid access token.
Knowing which permissions our application has just isn't an easy task for a Flash Platform application, primarily because it's a client-side technology and only exists while the user is actually using it. If the user moves to a different computer, then everything the Flash Player might've stored about them is lost—not quite the same deal as with a server-side application.
In this recipe, we're going to...