So after messing with Facebook's Graph Explorer and attempting hundreds of different combinations with put_connections I decided to make a straight graph_call using Koala.
Finally got an ID response back. I almost cried. Thought I'd share with the community in case there's someone else trying to do the same thing.
event_response = graph.graph_call("/me/events",{
name:safe_params[:name],
start_time: safe_params[:start_time],
privacy_type: safe_params[:privacy],
access_token: current_user.oauth_token}, "POST")
safe_params[:fb_id] << event_response["id"]
@event = Event.create safe_params
I make the call in a stored variable event_response because the Facebook Id returned is used in my app.
First thing I found out: despite using "privacy" as the name of the privacy field when GETting from Facebook and saying so in their documentation, "privacy_type" is actually what you want (found this out in another SO post).
The second thing I found out is even though you are authenticated (have a user token) when you make a graph_call you STILL need to pass along the current_user access token along with making a POST graph_call.
Hope this helps someone!