I just dealt with this myself, and here's the part that bit me:
In your step 5... It's possible for a user to register for an account with you entirely separate from their Facebook ID, right? Then some other time they log in with Facebook.... And you just created them a second account and lost their first one.
There needs to be a way to be logged in to your web service, then log in to facebook, and capture the association between the facebook ID and the local account.
Apart from that, your plan sounds solid.
Update: Facebook has added a doc outlining such a scenario HERE
Assuming the page is Alcohol gated (In the OP's example the page was an alcohol page) you must access the page with an access token for a user who meets the alcohol restrictions.
For alcohol specifically, any user over 21 should be able to do this, and for some markets it's lower (depending on the drinking age in that market).
In the general case, if a page has demographic (country or age) restrictions on its visiblity, is restricted for alcohol reasons, or is unpublished, A Page or App access token will not work when trying to access that page's details or feed.
You must use a user access token for a user who has permission to view the page.
If the user does not meet the restrictions placed by the page admin, false
was returned.
This has (since September 2012) been replaced with an OauthException with the text Unsupported get request.
and code 100
This is a catch-all error which usually means a privacy check has failed.
For pages, the cause is almost certainly that the page is unpublished, gated to certain countries or age groups, or marked as an alcohol page
Best Answer
add user_likes permission to your application