The newly expanded Facebook bug bounty program sniffs out access token exposure flaws.

For the purpose of this tutorial, we're going to select Messenger. In the Access Tokens section, select the dropdown list under Page to select the Facebook page you want to use.

The access is revoked. If the user had revoked the access, Facebook will have no authority to access the account on your device; the session will not be valid until you verify the access token.

Facebook has announced that it found no evidence that attackers had used stolen account access tokens on other websites or apps that enable users to access their accounts using Facebook Login ...