I’ve been working on a Facebook application for a client, integrating Facebook functionality with an existing Ruby on Rails backend. Using iFrames instead of FBML seems to be the best option for established sites, but unfortunately support for this route is rather limited. Facebooker is the only Rails plugin option now that RFacebook is defunct, and is definitely geared toward FBML — the actual book on the subject never once mentions iFrames.
Facebook itself has been making strides in supporting iFrames, but still seems a little spotty. The iFrame route apparently being the ugly duckling of Facebook programming, there isn’t much of an online community around this approach, either. One good blog post on the topic is here: http://webjazz.blogspot.com/2008/03/gotchas-of-internal-iframe-facebook.html, but it doesn’t address all of the issues I ran into:
Double or Nothing
The catch: once the user accepts the installation, they may be redirected to your page sans Facebook frame altogether.
The cause: check your “Post-Authorize Redirect URL” in the facebook app settings. This should be relative to your Canvas URL and start with http://apps.facebook.com. Do NOT use the app URL on your domain, because it will not be facebook-framed.