If you have the ability for php on your server I can help you out with that one. The team at Scirra seem to be more busy with the game related side of the program and after reading I found that we really shouldn't be using the app secret on the javascript side because it can allow others to make unauthorized posts and such from the app. So I've been slowly chipping away at php to integrate it with the javascript offered in Construct2. I just today finished up the ability to generate a new user token using php. This is done using the ajax plugin and browser plugin. It can be done using the construct Facebook plugin but it requires the app secret which Facebook says not to put on the javascript side.
You will need the browser plugin to pull down the information from the address bar and the ajax plugin to both login to the app server side and request an user token. Visit How to log in to your app server side
for more info on how to set up your php files. It look overwhelming but it can easily be boiled down to just a few commands to work with the ajax plugin.
Hope that helps or at least points you in the right direction.
Lance
You can visit my app page at lockegames.com/relicsofyore if you want to see it in action. Once you accept the game it will log you in and show you a valid access token on the screen. I'll leave it up so you can see for a day or two while I start plugging away at some other aspects of the app. You will currently need to change the permissions parameter manually if you want to reload and see it work a second time.
It pulls the code variable down from the address which is used to get an access token, and it can only be used once. So if you leave the permissions set to one in the address bar it won't generate a new code which will kick up an error warning.