I've been testing the auth/login code for the javascript sdk and I've noticed that facebook only detects the cancelled permissions request when a user arrives at my app not logged into facebook, but if a user is already logged in to facebook and they cancel the same permissions request, FB.login doesn't return the "unknown" status the way it does under the first condition.
$("button").click(function(){
FB.login(function(response) {
/*when the user clicks the button but isn't logged in, fb will prompt
them to log in and then shows the dialogue where I request
permissions. If I hit cancel, the response status will return
"unknown" and I redirect to another page. */
if(response.status === "unknown"){
top.location.href = "https://developers.facebook.com/docs/facebook-login/access-tokens/";
}else{
/*However if the user is already logged in and the permissions
request is cancelled, the code goes into this block that is meant to
handle a "connected" response */
console.log("connected");
},{scope: 'user_location,user_likes'});
});