Facebook permission Scopes are buggy

[xaviervia]

When setting up connect-oauth for Facebook, like this:

app.use(auth([auth.Facebook(
  appId: fbId
  appSecret: fbSecret
  scope: ["manage_pages", "publish_actions"]
  callback: fbCallbackAddress
)]));

only the publish_actions permission will be actually requested to Facebook. After long debugging we found out that this was because connect-oauth will send the POST body like this:

...&scope=manage_pages&scope=publish_actions...

and the first scope gets overridden by the second.

We solved this problem in our code by just setting scope: ["manage_pages,publish_actions"], but still I report it just in case the same problem occurs to other users.

Cheers