When user opens my canvas app I get a signed_request from Facebook, from which I derive the user_id and oauth_token. How can I then get the access_token and check/get user permissions and other data?
The oauth_token you're talking about is also the users access_token, they should be exactly the same.
To check the users permissions you can make a GET call to /me/permissions this should return a data array similar to the below
{
"data": [
{
"installed": 1,
"read_stream": 1,
"manage_notifications": 1,
"manage_pages": 1,
"user_likes": 1,
"user_activities": 1,
"user_interests": 1,
"user_photos": 1,
"user_about_me": 1,
"type": "permissions"
}
]
}
Depending on what the other data you wish to access you will need to ask for more permissions and then call the appropriate API end points. For example to get the users basic information make a call to /me or to get a list of their friends /me/friends
You can find all the permissions you can ask for at https://developers.facebook.com/docs/reference/api/permissions/
And all the information about where to call in the API for retrieving the different bits of data you require here https://developers.facebook.com/docs/reference/api/