… why we can't have nice things. facebook/php-sdk@54acf92
Summary: When using the REST API methods when an invalid access token error was returned it never cleared the local session data which in turn could end up in a nice loop.
…token Summary: One can destroy their access token via the rest API or by deleting their permissions using $facebook->api('/FBID/permissions', 'DELETE'); In this case we need to ensure that there is the ability to revoke the persistent storage. We can autoamte this with the REST API but not the graph.
check HTTP scheme for proxied requests
Check several environments because some HTTP server does not set or set different name the environment named "HTTPS", And consider servers located back on some load balancers or reverse proxies.
… AppID and Secret". Hopefully this will clear up some confusion.
Unit tests can be run from the command line using: phpunit --colors --coverage-html coverage --verbose --stderr --bootstrap tests/bootstrap.php tests/tests.php Changes: + Added a new bootstrap file (as bootstrap.php) that helps the unit tests run more smoothly. + Allow for the possibility that session_start has already been called prior to construction of a Facebook class. + Updated the app-secret unit test to confirm that Desktop applications require a user access token to get insights. + Make sure that current URLs like /example.php?a=b&c=&d retain their structure (don't strip or introduce an equals sign for valueless GET params), and added unit tests to exercise this. + CSRF state is now managed using the persistent store instead of cookies.