This is more of a question than an "issue" as such, but I thought it was worth querying the fundamentals of how access tokens are set within the fbgraph module. Correct me if I'm wrong, but it looks like they're being set on a global application level rather than a user level. As a result, issues can be caused when:
User A logs in, we set their access token, and the /me endpoint is queried
User B logs in, we set their access token (which is different to user A), and the /me endpoint is queried
User A now wants to get a list of all their friends, so the /me/friends endpoint is queried
Oh no! User A has actually got back user B's friends, because the access token for user B is still assigned to the graph object.
The way I've got round this issue so far is by always calling graph.setAccessToken directly before any queries. Another way of handling this would be to require the module within individual queries, but I've never seen this done in node, there must be a reason for this...
So I guess my question is - was this by design? Am I missing or not considering something?
Hi Cristiano,
This is more of a question than an "issue" as such, but I thought it was worth querying the fundamentals of how access tokens are set within the fbgraph module. Correct me if I'm wrong, but it looks like they're being set on a global application level rather than a user level. As a result, issues can be caused when:
/me
endpoint is queried/me
endpoint is queried/me/friends
endpoint is queriedgraph
object.The way I've got round this issue so far is by always calling
graph.setAccessToken
directly before any queries. Another way of handling this would be torequire
the module within individual queries, but I've never seen this done in node, there must be a reason for this...So I guess my question is - was this by design? Am I missing or not considering something?