ASP.NET WebApi Identity Facebook login access denied -

i'm building asp.net (4.6) webapi project , i'm using asp.net identity authenticate facebook, google , microsoft api. have managed authenticate google , microsoft, not facebook. i'm using visual studio 2015

the problem access denied every time authenticate. scenario goes this:

1. i make api call localhost:2975/api/account/externallogins?returnurl=%2f&generatestate=true through browser.
2. i receive link api every external provider api support. in facebook case got localhost:2975/api/account/externallogin?provider=facebook&response_type=token&client_id=self&redirect_uri=http%3a%2f%2flocalhost%3a2975%2f&state=99...01
3. i go link browser, , gets redirected facebook login page.
4. i authenticate facebook, , dialog window appears , asks permission requested information me.
5. i accept , gets redirected api error "access_denied". localhost:2975/api/account/externallogin gets called.

i haven't figured out problem comes from, whether permission setting in facebook app, facebook user log in with, or if problem lies in asp.net identity template.

regarding facebook have created test app of app, pushed live app. can find app on facebook profile, , i've removed several times. facebook profile has administrator role of app. have created test users, added friend of mine developer/tester of app. problem remains. read somewhere there should pending request app should accept, haven't found any.

regarding asp.net identity template error received in process:

accountcontroller.cs:

public async task<ihttpactionresult> getexternallogin(string provider, string error = null) {     if (error != null)     {         // api comes in step 5 above         return redirect(url.content("~/") + "#error=" + uri.escapedatastring(error));      }      if (!user.identity.isauthenticated)     {         // api comes in step 2 above before redirects me facebook login          return new challengeresult(provider, this);      }      externallogindata externallogin = externallogindata.fromidentity(user.identity claimsidentity);      // untouched logic     // .... } 

when use google chromes network tool can see gets redirected link: facebook.com/login.php?skip_api_login=1&api_key=xxx&signed_next=1&next=https%3a%2f%2fwww.facebook.com%2fv2.6%2fdialog%2foauth%3fredirect_uri%3dhttp%253a%252f%252flocalhost%253a2975%252fsignin-facebook%26state%3d...%26scope%3demail%252cpublic_profile%26response_type%3dcode%26client_id%3d...%26ret%3dlogin%26logger_id%3d...&cancel_url=http%3a%2f%2flocalhost%3a2975%2fsignin-facebook%3ferror%3daccess_denied%26error_code%3d200%26error_description%3dpermissions%2berror%26error_reason%3duser_denied%26state%3d...%23_%3d_&display=page&locale=sv_se&logger_id=... there cancel url predefined error: "access_denied", error code: 200, reason: "user_denied", maybe "access_denied" error receive isn't accurate?

other relevant code can come in startup.auth.cs (i never onauthenticated part though):

var facebookoptions = new facebookauthenticationoptions() {     appid = "xxx",     appsecret = "xxx",     scope = { "email", "public_profile" } }; facebookoptions.provider = new facebookauthenticationprovider() {     onauthenticated = (context) =>     {         context.identity.addclaim(new claim("urn:facebook:access_token", context.accesstoken, claimvaluetypes.string, "facebook"));         context.identity.addclaim(new claim("urn:facebook:email", context.email, claimvaluetypes.email, "facebook"));         return task.fromresult(0);     } }; app.usefacebookauthentication(facebookoptions); 

it feels i've tried everything. ideas on how solve this?

thanks in advance!

from this post in line

context.identity.addclaim(new claim("urn:facebook:email", context.email, claimvaluetypes.email, "facebook")); 

the context.email null.