How important is it to keep OAuth's access token secret?

Update: if you are having the user connect with the javascript sdk, the user id and access tokens are already be stored in cookies for your site. Check the http cookies being sent. If they are not, check the FB.

Init documentation, as FB. Init has a cookies boolean parameter you can set so that it will create a cookie for you named fbs_{APPID}. This post talks about that cookie.

Yes, the access token is equivalent to your username/password. Most implementations will expire the access token after a time but while it is still valid it must be kept a secret.

I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.