node-facebook/facebook-node-sdk

Remove FB.setAccessToken and warn when accessToken option is set on global `FB`

dantman opened this issue · 0 comments

FB.setAccessToken is very dangerous. Someone who doesn't understand the async nature of Node may use FB.setAccessToken in a web request not knowing that this will leak the access token to other requests.

The only valid use for `FB.setAccessToken` is for things like command line scripts where you know that there is only one access token/user. However, for these scripts it's fairly easy to just `const FB = new Facebook({accessToken: ...});`.

As such I think it would be a good idea to remove setAccessToken and emit a warning when accessToken is set through FB.options on the global instance.
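
The leak described in this issue, as an added example that is not part of the original issue or the SDK's own code: two overlapping requests share one global client, compared with one client instance per request. `FakeFacebook` is a hypothetical stand-in for the SDK client, and the handlers, tokens and delays are constructed for illustration.

```javascript
// Constructed demo. FakeFacebook is a hypothetical stand-in, not the real SDK.
const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

class FakeFacebook {
  constructor(options = {}) { this.options = { ...options }; }
  setAccessToken(token) { this.options.accessToken = token; }
  // Pretend API call: reports which token the outgoing request would carry.
  async api(path) {
    const tokenUsed = this.options.accessToken; // read when the call is made
    await sleep(1); // simulated network round trip
    return { path, tokenUsed };
  }
}

const FB = new FakeFacebook(); // one process-wide instance shared by all requests

// Unsafe: stores the caller's token on the shared instance, then yields.
async function unsafeHandler(user, lookupMs) {
  FB.setAccessToken(user.token);
  await sleep(lookupMs); // e.g. a database lookup; other requests run meanwhile
  return (await FB.api('/me')).tokenUsed;
}

// Safe: the token lives on an instance scoped to this request only.
async function safeHandler(user, lookupMs) {
  const fb = new FakeFacebook({ accessToken: user.token });
  await sleep(lookupMs);
  return (await fb.api('/me')).tokenUsed;
}

async function demo() {
  const alice = { token: 'token-alice' }; // constructed sample tokens
  const bob = { token: 'token-bob' };
  // Alice's request starts first but awaits longer, so Bob's overlaps it.
  const [sa, sb] = await Promise.all([unsafeHandler(alice, 20), unsafeHandler(bob, 5)]);
  const [ia, ib] = await Promise.all([safeHandler(alice, 20), safeHandler(bob, 5)]);
  return { shared: { alice: sa, bob: sb }, isolated: { alice: ia, bob: ib } };
}

demo().then((result) => console.log(JSON.stringify(result, null, 2)));
```

With the shared instance, Alice's call goes out carrying Bob's token because Bob's request overwrote it while hers was awaiting; with per-request instances each call carries its own token.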