Depending on your needs you can use one or the other or both. If you want calls to facebook to be processed before the user sees a certain page then use server side... however if you want to display partial information until the user has authenticated, use javascript authentication.

It boils down to this:

• Javascript authentication can happen with-in a popup window and does not require a page reload you can also just perform a top.location.href redirect.
• PHP authentication involves a redirect to an authentication page.

Also see this thread, in particular this response.

To add to @Lix's answer, I would say:

Client Side Authentication

• When you want some information from Facebook API about the user that is required once, as in you only need to get it once like the user's name and email.
• When you want to temporarily access/manage the user's information/data and don't need to do it often.
• You get a temporary token, which is valid only for a few hours and you need to get a new token to call the Facebook API again after it has expired (which requires the user has to grant permission again).

Server Side Authentication

• You want to manage the user's data (on their behalf) after the user has left your website/app. Example, gathering the user's feed/timeline data on a regular basis.
• When you want to access/manage the user's information/data in a recurring fashion untill the user hasn't revoked access to your client id (represented by a Facebook app).
• You get both a temporary token and a permanent token (which lasts for about 60 days at the time of writing this). You can get a new temporary token by using the permanent token every time you need to call the Facebook API (given the previous temporary token has expired) -- without bothering the user to grant permission again.

So, in short, for short term use, follow client-side authentication flow and for long term use follow server-side authentication (given you have a backend server of your own).