I have a web application that uses Facebook Connect (built in Ruby on Rails 2.3.5 and the Facebooker plug-in) as the only authentication method (for now). I am also using a beta invitation system similar to the one described in RailsCasts.
I don't want the FB Connect button to be always visible, since that can let users without a beta invite to login to the application and end up in a "limbo state" where they are logged in but don't have full access.
But if I hide the FB Connect button, that means that some users with a valid invitation can't log back in (when their session times out).
What is the best design approach to use here?
I would do a check when you get your facebook callback that would say "hey, this person isn't on the beta list, so don't make an account"