Global access tokens

[chrisjhoughton]

Hi Cristiano,

This is more of a question than an "issue" as such, but I thought it was worth querying the fundamentals of how access tokens are set within the fbgraph module. Correct me if I'm wrong, but it looks like they're being set on a global application level rather than a user level. As a result, issues can be caused when:

• User A logs in, we set their access token, and the /me endpoint is queried
• User B logs in, we set their access token (which is different to user A), and the /me endpoint is queried
• User A now wants to get a list of all their friends, so the /me/friends endpoint is queried
• Oh no! User A has actually got back user B's friends, because the access token for user B is still assigned to the graph object.

The way I've got round this issue so far is by always calling graph.setAccessToken directly before any queries. Another way of handling this would be to require the module within individual queries, but I've never seen this done in node, there must be a reason for this...

So I guess my question is - was this by design? Am I missing or not considering something?

[chrisjhoughton]

Just seen https://github.com/criso/fbgraph/issues/19. Ignore this thread.