The status_update permission you are using in the scope for the loginUrl is not a valid permission. Take a look at the docs.
That could be your problem.
Also remember, that if a user has already authorized your app, they will not see the permission dialog again on subsequent logins. They will only be taken through the facebook login procedure.
EDIT:
Take a look at the image I've attached, facebook will on redirect to the url you specify in the site url field in app settings: