mapbox · peterqliu · Jul 10, 2019 · Jun 17, 2019 · Jun 17, 2019 · Jun 18, 2019
diff --git a/debug/token.html b/debug/token.html
@@ -13,11 +13,14 @@
 
 <body>
 <div id='map'></div>
-
+<div id='hidden' style='display:none'></div>
 <script src='/dist/mapbox-gl-dev.js'></script>
 <script src='/debug/access_token_generated.js'></script>
 <script>
 
+    // 1) first map should work with its valid local accessToken, despite the bad global mapboxgl token 
+    // 2) first map should keep working properly, despite the bad token in the second map
+
     var mapToken = mapboxgl.accessToken;
     mapboxgl.accessToken = 'notAToken';
 
@@ -30,6 +33,15 @@
         accessToken: mapToken
     });
 
+    var map2 = new mapboxgl.Map({
+        container: 'hidden',
+        zoom: 12.5,
+        center: [-77.01866, 38.888],
+        style: 'mapbox://styles/mapbox/dark-v10',
+        hash: true,
+        accessToken: 'anotherBadToken'
+    });
+
 </script>
 </body>
 </html>
diff --git a/src/index.js b/src/index.js
@@ -70,6 +70,7 @@ const exported = {
     },
 
     set baseApiUrl(url: string) {
+        console.log('setting');
         config.API_URL = url;
     },
 

diff --git a/src/source/vector_tile_source.js b/src/source/vector_tile_source.js
@@ -73,8 +73,8 @@ class VectorTileSource extends Evented implements Source {
                 extend(this, tileJSON);
                 if (tileJSON.bounds) this.tileBounds = new TileBounds(tileJSON.bounds, this.minzoom, this.maxzoom);
 
-                postTurnstileEvent(tileJSON.tiles);
-                postMapLoadEvent(tileJSON.tiles, this.map._getMapId(), this.map._requestManager._skuToken);
+                postTurnstileEvent(tileJSON.tiles, this.map._requestManager._customAccessToken);
+                postMapLoadEvent(tileJSON.tiles, this.map._getMapId(), this.map._requestManager._skuToken, this.map._requestManager._customAccessToken);
 
                 // `content` is included here to prevent a race condition where `Style#_updateSources` is called
                 // before the TileJSON arrives. this makes sure the tiles needed are loaded once TileJSON arrives

diff --git a/src/ui/map.js b/src/ui/map.js
@@ -334,6 +334,7 @@ class Map extends Camera {
         this._renderTaskQueue = new TaskQueue();
         this._controls = [];
         this._mapId = uniqueId();
+
         this._requestManager = new RequestManager(options.transformRequest, options.accessToken);
 
         if (typeof options.container === 'string') {

diff --git a/src/util/mapbox.js b/src/util/mapbox.js
@@ -44,8 +44,7 @@ export class RequestManager {
 
     constructor(transformRequestFn?: RequestTransformFunction, customAccessToken?: string) {
         this._transformRequestFn = transformRequestFn;
-        config.CUSTOM_ACCESS_TOKEN = customAccessToken;
-
+        this._customAccessToken = customAccessToken;
         this._createSkuToken();
     }
 
@@ -68,28 +67,27 @@ export class RequestManager {
     }
 
     normalizeStyleURL(url: string, accessToken?: string): string {
-        return normalizeStyleURL(url, config.CUSTOM_ACCESS_TOKEN || accessToken);
+        return normalizeStyleURL(url, this._customAccessToken || accessToken);
     }
 
     normalizeGlyphsURL(url: string, accessToken?: string): string {
-        return normalizeGlyphsURL(url, config.CUSTOM_ACCESS_TOKEN || accessToken);
+        return normalizeGlyphsURL(url, this._customAccessToken || accessToken);
     }
 
     normalizeSourceURL(url: string, accessToken?: string): string {
-        return normalizeSourceURL(url, config.CUSTOM_ACCESS_TOKEN || accessToken);
+        return normalizeSourceURL(url, this._customAccessToken || accessToken);
     }
 
     normalizeSpriteURL(url: string, format: string, extension: string, accessToken?: string): string {
-        return normalizeSpriteURL(url, format, extension, config.CUSTOM_ACCESS_TOKEN || accessToken);
+        return normalizeSpriteURL(url, format, extension, this._customAccessToken || accessToken);
     }
 
     normalizeTileURL(tileURL: string, sourceURL?: ?string, tileSize?: ?number): string {
-
         if (this._isSkuTokenExpired()) {
             this._createSkuToken();
         }
 
-        return normalizeTileURL(tileURL, sourceURL, tileSize, this._skuToken, config.CUSTOM_ACCESS_TOKEN);
+        return normalizeTileURL(tileURL, sourceURL, tileSize, this._skuToken, this._customAccessToken);
     }
 
     canonicalizeTileURL(url: string) {
@@ -169,7 +167,7 @@ const normalizeSpriteURL = function(url: string, format: string, extension: stri
 
 const imageExtensionRe = /(\.(png|jpg)\d*)(?=$)/;
 
-const normalizeTileURL = function(tileURL: string, sourceURL?: ?string, tileSize?: ?number, skuToken?: string): string {
+const normalizeTileURL = function(tileURL: string, sourceURL?: ?string, tileSize?: ?number, skuToken?: string, customAccessToken?: string): string {
     if (!sourceURL || !isMapboxURL(sourceURL)) return tileURL;
 
     const urlObject = parseUrl(tileURL);
@@ -182,11 +180,11 @@ const normalizeTileURL = function(tileURL: string, sourceURL?: ?string, tileSize
     urlObject.path = urlObject.path.replace(imageExtensionRe, `${suffix}${extension}`);
     urlObject.path = `/v4${urlObject.path}`;
 
-    if (config.REQUIRE_ACCESS_TOKEN && config.ACCESS_TOKEN && skuToken) {
+    if (config.REQUIRE_ACCESS_TOKEN && RequestManager._customAccessToken ||  config.ACCESS_TOKEN && skuToken) {
         urlObject.params.push(`sku=${skuToken}`);
     }
 
-    return makeAPIURL(urlObject, config.CUSTOM_ACCESS_TOKEN);
+    return makeAPIURL(urlObject, customAccessToken);
 };
 
 // matches any file extension specified by a dot and one or more alphanumeric characters
@@ -282,12 +280,12 @@ class TelemetryEvent {
     }
 
     getStorageKey(domain: ?string) {
-        const tokenData = parseAccessToken(config.ACCESS_TOKEN);
+        const tokenData = parseAccessToken(RequestManager._customAccessToken || config.ACCESS_TOKEN);
         let u = '';
         if (tokenData && tokenData['u']) {
             u = b64EncodeUnicode(tokenData['u']);
         } else {
-            u = config.ACCESS_TOKEN || '';
+            u = RequestManager._customAccessToken || config.ACCESS_TOKEN || '';
         }
         return domain ?
             `${telemEventKey}.${domain}:${u}` :
@@ -339,10 +337,11 @@ class TelemetryEvent {
     * to the values that should be saved. For this reason, the callback should be invoked prior to the call
     * to TelemetryEvent#saveData
     */
-    postEvent(timestamp: number, additionalPayload: {[string]: any}, callback: (err: ?Error) => void) {
+    postEvent(timestamp: number, additionalPayload: {[string]: any}, callback: (err: ?Error) => void, customAccessToken: string) {
         if (!config.EVENTS_URL) return;
         const eventsUrlObject: UrlObject = parseUrl(config.EVENTS_URL);
-        eventsUrlObject.params.push(`access_token=${config.CUSTOM_ACCESS_TOKEN || config.ACCESS_TOKEN || ''}`);
+        eventsUrlObject.params.push(`access_token=${customAccessToken || config.ACCESS_TOKEN || ''}`);
+
         const payload: Object = {
             event: this.type,
             created: new Date(timestamp).toISOString(),
@@ -365,13 +364,13 @@ class TelemetryEvent {
             this.pendingRequest = null;
             callback(error);
             this.saveEventData();
-            this.processRequests();
+            this.processRequests(customAccessToken);
         });
     }
 
-    queueRequest(event: number | {id: number, timestamp: number}) {
+    queueRequest(event: number | {id: number, timestamp: number}, customAccessToken: string) {
         this.queue.push(event);
-        this.processRequests();
+        this.processRequests(customAccessToken);
     }
 }
 
@@ -385,20 +384,20 @@ export class MapLoadEvent extends TelemetryEvent {
         this.skuToken = '';
     }
 
-    postMapLoadEvent(tileUrls: Array<string>, mapId: number, skuToken: string) {
+    postMapLoadEvent(tileUrls: Array<string>, mapId: number, skuToken: string, customAccessToken: string) {
         //Enabled only when Mapbox Access Token is set and a source uses
         // mapbox tiles.
         this.skuToken = skuToken;
 
         if (config.EVENTS_URL &&
-            config.ACCESS_TOKEN &&
+            customAccessToken || config.ACCESS_TOKEN &&
             Array.isArray(tileUrls) &&
             tileUrls.some(url => isMapboxURL(url) || isMapboxHTTPURL(url))) {
-            this.queueRequest({id: mapId, timestamp: Date.now()});
+            this.queueRequest({id: mapId, timestamp: Date.now()}, customAccessToken);
         }
     }
 
-    processRequests() {
+    processRequests(customAccessToken) {
         if (this.pendingRequest || this.queue.length === 0) return;
         const {id, timestamp} = this.queue.shift();
 
@@ -417,7 +416,7 @@ export class MapLoadEvent extends TelemetryEvent {
             if (!err) {
                 if (id) this.success[id] = true;
             }
-        });
+        }, customAccessToken);
     }
 }
 
@@ -426,19 +425,19 @@ export class TurnstileEvent extends TelemetryEvent {
         super('appUserTurnstile');
     }
 
-    postTurnstileEvent(tileUrls: Array<string>) {
+    postTurnstileEvent(tileUrls: Array<string>, customAccessToken: string) {
         //Enabled only when Mapbox Access Token is set and a source uses
         // mapbox tiles.
         if (config.EVENTS_URL &&
             config.ACCESS_TOKEN &&
             Array.isArray(tileUrls) &&
             tileUrls.some(url => isMapboxURL(url) || isMapboxHTTPURL(url))) {
-            this.queueRequest(Date.now());
+            this.queueRequest(Date.now(), customAccessToken);
         }
     }
 
 
-    processRequests() {
+    processRequests(customAccessToken) {
         if (this.pendingRequest || this.queue.length === 0) {
             return;
         }
@@ -448,8 +447,8 @@ export class TurnstileEvent extends TelemetryEvent {
             this.fetchEventData();
         }
 
-        const tokenData = parseAccessToken(config.ACCESS_TOKEN);
-        const tokenU = tokenData ? tokenData['u'] : config.ACCESS_TOKEN;
+        const tokenData = parseAccessToken(RequestManager._customAccessToken || config.ACCESS_TOKEN);
+        const tokenU = tokenData ? tokenData['u'] : RequestManager._customAccessToken || config.ACCESS_TOKEN;
         //Reset event data cache if the access token owner changed.
         let dueForEvent = tokenU !== this.eventData.tokenU;
 
@@ -478,7 +477,7 @@ export class TurnstileEvent extends TelemetryEvent {
                 this.eventData.lastSuccess = nextUpdate;
                 this.eventData.tokenU = tokenU;
             }
-        });
+        }, customAccessToken);
     }
 }