VERY IMPORTANT: How do you manage multi user? Possible terrible bug #99

Open
bitplanets opened this issue Jan 30, 2015 · 5 comments

@bitplanets

For example:

  • User A logs in with FB
  • FB stores the access token of User A
  • User B requests /me and will get User A

You should allow me to instantiate FB with the access token for each user request.

I've tried to remove the access token when the request is finished. But the same errors can happen:

  • User A logs in with FB
  • FB stores the access token of User A
  • Some async call starts *
  • User B requests /me and will get User A
  • That async call ends *
  • Now the auth token is removed

Problem remains.

You should instead do this:

var myFB = new FB({authToken: 'asda12e312'})
// Now myFB is an object created in the request callback which 
// can be used without worrying about managing authTokens

Either I'm missing a really big point or something is very wrong.

@bitplanets bitplanets changed the title How do you manage multi user? VERY IMPORTANT: How do you manage multi user? Jan 30, 2015
@bitplanets bitplanets changed the title VERY IMPORTANT: How do you manage multi user? VERY IMPORTANT: How do you manage multi user? Possible terrible bug Jan 30, 2015
@dirkbonhomme

I always pass the access token as an option instead of using FB.setAccessToken() globally.

FB.api('me', { fields: ['id', 'name'], access_token: 'access_token' }, function (res) {
    console.log(res);
});

https://github.com/Thuzi/facebook-node-sdk#access-tokens

@bitplanets
Author

Anyway I prefer to keep it clean, so I've moved to this one: https://github.com/amachang/facebook-node-sdk

Which allows me to do:

getFB: function(){
    console.log(this.session)
    if(!this.session || this.session.fbAccessToken === void 0) return false;
    if(!this.__facebook){
        var facebook = new Facebook({
            appID  : 'xxx',
            secret : 'xxx'
        }).setAccessToken(this.session.fbAccessToken);
        this.__facebook = facebook;
    }
    return this.__facebook;
},
setFbAccessToken: function(fbAccessToken){
    this.session.fbAccessToken = fbAccessToken;
},

And in my request I just do: this.getFB().api('/me', ...). Notice that I don't even care about the token here.

Thanks anyway for your example; it would be useful if I were using this lib.

If you want to use the api compatible with FB JS SDK, pass access_token as parameter.

This doesn't say much, but the author should have a big warning about this design choice. Novice users might make a huge mistake and mess everything up, which is very, very dangerous. I noticed because I hate singletons and every time I see them, something is smelly; in this case I've been right.

@arthurpark

I encountered this issue today. I think the documentation (README) can be updated to help with this. There should be an eye-catching caution for the multi-user scenario.

@dantman

dantman commented Nov 8, 2015

Feel free to bikeshed what text you think belongs in the README and submit a pull request to https://github.com/node-facebook/facebook-node-sdk

@dantman

dantman commented Jan 25, 2016

1.1.0-alpha1 is ready for testing (use npm install fb@^1.1.0-alpha1).

The 1.1.0 release includes a new alternate API besides specifying access_token in FB.api calls. You can also use FB.withAccessToken('access_token') to get a FB instance with its own access token.
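
The race discussed in this thread, as an added example that is not code from the `fb` package or from any participant: a mock client with a deterministic callback queue shows a process-wide token crossing between two interleaved requests, and a per-request instance keeping them apart. `makeClient`, `defer`, `flush`, `simulate`, both handlers and the token/profile values are constructed for illustration; only the method names mirror those mentioned above.

```javascript
// Mock Graph client for illustration only; this is NOT the real `fb` package.
// Constructed token -> profile table standing in for Facebook's servers.
const PROFILES = { 'token-A': { name: 'User A' }, 'token-B': { name: 'User B' } };

// Deterministic stand-in for the event loop: deferred work runs on flush().
const queue = [];
const defer = (fn) => queue.push(fn);
const flush = () => { while (queue.length) queue.shift()(); };

function makeClient(token) {
  return {
    setAccessToken(t) { token = t; },
    // A per-call access_token takes precedence over the stored one.
    api(path, params, cb) {
      const used = params.access_token || token; // read at call time
      defer(() => cb(PROFILES[used] || { error: 'no token' }));
    },
    withAccessToken(t) { return makeClient(t); }, // separate token per instance
  };
}

// Pattern from the issue: one shared client, token set and cleared per request.
function handleShared(FB, sessionToken, out) {
  FB.setAccessToken(sessionToken);
  defer(() => { // any async step (e.g. a session lookup) before the Graph call
    FB.api('me', {}, (res) => {
      out.push({ session: sessionToken, got: res.name });
      FB.setAccessToken(null); // clearing afterwards does not close the window
    });
  });
}

// Per-request instance: the token lives in the closure, not in shared state.
function handleScoped(FB, sessionToken, out) {
  const fb = FB.withAccessToken(sessionToken);
  defer(() => fb.api('me', {}, (res) => out.push({ session: sessionToken, got: res.name })));
}

// Two requests from different sessions arrive before either finishes.
function simulate(handler) {
  const FB = makeClient(null);
  const out = [];
  handler(FB, 'token-A', out);
  handler(FB, 'token-B', out);
  flush();
  return out;
}
console.log('shared:', simulate(handleShared));
console.log('scoped:', simulate(handleScoped));
```

In the shared run the session holding `token-A` receives User B's profile, which is the cross-user disclosure reported in the issue; a useful regression test for a real handler is the same shape, two interleaved sessions and an assertion that each response matches its own session.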
