When setting up connect-oauth for Facebook, like this:
scope: ["manage_pages", "publish_actions"]
only the publish_actions permission will be actually requested to Facebook. After long debugging we found out that this was because connect-oauth will send the POST body like this:
and the first scope gets overridden by the second.
We solved this problem in our code by just setting scope: ["manage_pages,publish_actions"], but still I report it just in case the same problem occurs to other users.