diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..6fb63b2
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,27 @@
+name: Ruby
+
+on: [push, pull_request]
+
+jobs:
+  test:
+    runs-on: ${{ matrix.os }}-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - ubuntu
+        ruby:
+          - "2.5"
+          - "2.6"
+          - "2.7"
+          - "3.0"
+          - "3.1"
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+        bundler-cache: true # 'bundle install' and cache
+    - name: Run tests
+      run: bundle exec rake
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
new file mode 100644
index 0000000..485d476
--- /dev/null
+++ b/.github/workflows/stale.yml
@@ -0,0 +1,23 @@
+name: Mark stale issues and pull requests
+
+on:
+  schedule:
+  - cron: "0 0 * * *"
+
+jobs:
+  stale:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/stale@v1
+      with:
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+        stale-issue-message: 'This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you  for your contributions.'
+        stale-pr-message: 'This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.'
+        stale-issue-label: 'no-issue-activity'
+        stale-pr-label: 'no-pr-activity'
+        days-before-stale: 30
+        days-before-close: 5
+        exempt-pr-label: 'pinned'
+        exempt-issue-label: 'pinned'
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index e863e12..0000000
--- a/.travis.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-before_install:
-  - gem update bundler
-  - bundle --version
-  - gem update --system
-  - gem --version
-rvm:
-  - 2.3.0
-  - 2.2
-  - 2.1
-  - 2.0
-  - 1.9.3
-  - jruby-19mode
-  - rbx-2
diff --git a/CHANGELOG.md b/CHANGELOG.md
index cb0ad8a..fca18b4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,34 @@
+## 9.0.0 (2021-10-25)
+
+Changes:
+
+  - bumped version of FB Graph API to v5.0
+
+## 8.0.0 (2020-10-20)
+
+Changes:
+
+  - user profile picture link includes access token (#344, @anklos)
+
+## 7.0.0 (2020-08-03)
+
+Changes:
+
+  - bumped version of FB Graph API to v4.0
+
+## 6.0.0 (2020-01-27)
+
+Changes:
+
+  - bumped version of FB Graph API to v3.0
+
+## 5.0.0 (2018-03-29)
+
+Changes:
+
+  - bumped version of FB Graph API to v2.10 (#297, @piotrjaworski)
+  - use only CRuby 2.0+ on CI (#298, @simi)
+
 ## 4.0.0 (2016-07-26)
 
 Changes:
@@ -6,7 +37,7 @@
   - switch to versioned FB APIs, currently using v2.6 (#245, @printercu, @mkdynamic)
   - remove deprecated :nickname field from README example (#223, @abelorian)
   - add Ruby 2.2 + 2.3.0 to CI (#225, @tricknotes, @mkdynamic, @anoraak)
-  - update example app (@mkynamic)
+  - update example app (@mkdynamic)
 
 ## 3.0.0 (2015-10-26)
 
diff --git a/Gemfile b/Gemfile
index 2fc94e1..4ad1253 100644
--- a/Gemfile
+++ b/Gemfile
@@ -2,6 +2,4 @@
 
 gemspec
 
-platforms :rbx do
-  gem 'rubysl', '~> 2.0'
-end
+gem 'rack', '>= 2.0'
diff --git a/README.md b/README.md
index b0615ed..04bd573 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,6 @@
-# OmniAuth Facebook &nbsp;[![Build Status](https://secure.travis-ci.org/mkdynamic/omniauth-facebook.svg?branch=master)](https://travis-ci.org/mkdynamic/omniauth-facebook) [![Gem Version](https://img.shields.io/gem/v/omniauth-facebook.svg)](https://rubygems.org/gems/omniauth-facebook)
+# OmniAuth Facebook &nbsp;[![Build Status](https://secure.travis-ci.org/simi/omniauth-facebook.svg?branch=master)](https://travis-ci.org/simi/omniauth-facebook) [![Gem Version](https://img.shields.io/gem/v/omniauth-facebook.svg)](https://rubygems.org/gems/omniauth-facebook)
+
+📣 **NOTICE** We’re looking for maintainers to help keep this project up-to-date. If you are interested in helping please open an Issue expressing your interest. Thanks! 📣
 
 **These notes are based on master, please see tags for README pertaining to specific releases.**
 
@@ -24,11 +26,11 @@
 
 ```ruby
 Rails.application.config.middleware.use OmniAuth::Builder do
-  provider :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET']
+  provider :facebook, ENV['FACEBOOK_APP_ID'], ENV['FACEBOOK_APP_SECRET']
 end
 ```
 
-[See the example Sinatra app for full examples](https://github.com/mkdynamic/omniauth-facebook/blob/master/example/config.ru) of both the server and client-side flows (including using the Facebook Javascript SDK).
+[See the example Sinatra app for full examples](https://github.com/simi/omniauth-facebook/blob/master/example/config.ru) of both the server and client-side flows (including using the Facebook Javascript SDK).
 
 ## Configuring
 
@@ -39,31 +41,31 @@
 `scope` | `email` | A comma-separated list of permissions you want to request from the user. See the Facebook docs for a full list of available permissions: https://developers.facebook.com/docs/reference/login/
 `display` | `page` | The display context to show the authentication page. Options are: `page`, `popup` and `touch`. Read the Facebook docs for more details: https://developers.facebook.com/docs/reference/dialogs/oauth/
 `image_size` | `square` | Set the size for the returned image url in the auth hash. Valid options include `square` (50x50), `small` (50 pixels wide, variable height), `normal` (100 pixels wide, variable height), or `large` (about 200 pixels wide, variable height). Additionally, you can request a picture of a specific size by setting this option to a hash with `:width` and `:height` as keys. This will return an available profile picture closest to the requested size and requested aspect ratio. If only `:width` or `:height` is specified, we will return a picture whose width or height is closest to the requested size, respectively.
-`info_fields` | 'name,email' | Specify exactly which fields should be returned when getting the user's info. Value should be a comma-separated string as per https://developers.facebook.com/docs/graph-api/reference/user/ (only `/me` endpoint).
+`info_fields` | `name,email` | Specify exactly which fields should be returned when getting the user's info. Value should be a comma-separated string as per https://developers.facebook.com/docs/graph-api/reference/user/ (only `/me` endpoint).
 `locale` |  | Specify locale which should be used when getting the user's info. Value should be locale string as per https://developers.facebook.com/docs/reference/api/locale/.
 `auth_type` | | Optionally specifies the requested authentication features as a comma-separated list, as per https://developers.facebook.com/docs/facebook-login/reauthentication/. Valid values are `https` (checks for the presence of the secure cookie and asks for re-authentication if it is not present), and `reauthenticate` (asks the user to re-authenticate unconditionally). Use 'rerequest' when you want to request premissions. Default is `nil`.
-`secure_image_url` | `false` | Set to `true` to use https for the avatar image url returned in the auth hash.
+`secure_image_url` | `true` | Set to `true` to use https for the avatar image url returned in the auth hash. SSL is mandatory as per https://developers.facebook.com/docs/facebook-login/security#surfacearea.
 `callback_url` / `callback_path` | | Specify a custom callback URL used during the server-side flow. Note this must be allowed by your app configuration on Facebook (see 'Valid OAuth redirect URIs' under the 'Advanced' settings section in the configuration for your Facebook app for more details).
 
 For example, to request `email`, `user_birthday` and `read_stream` permissions and display the authentication page in a popup window:
 
 ```ruby
 Rails.application.config.middleware.use OmniAuth::Builder do
-  provider :facebook, ENV['APP_ID'], ENV['APP_SECRET'],
+  provider :facebook, ENV['FACEBOOK_APP_ID'], ENV['FACEBOOK_APP_SECRET'],
     scope: 'email,user_birthday,read_stream', display: 'popup'
 end
 ```
 
 ### API Version
 
-OmniAuth Facebook uses versioned API endpoints by default (current v2.6). You can configure a different version via `client_options` hash passed to `provider`, specifically you should change the version in the `site` and `authorize_url` parameters. For example, to change to v3.0 (assuming that exists):
+OmniAuth Facebook uses versioned API endpoints by default (current v5.0). You can configure a different version via `client_options` hash passed to `provider`, specifically you should change the version in the `site` and `authorize_url` parameters. For example, to change to v7.0 (assuming that exists):
 
 ```ruby
 use OmniAuth::Builder do
-  provider :facebook, ENV['APP_ID'], ENV['APP_SECRET'],
+  provider :facebook, ENV['FACEBOOK_APP_ID'], ENV['FACEBOOK_APP_SECRET'],
     client_options: {
-      site: 'https://graph.facebook.com/v3.0',
-      authorize_url: "https://www.facebook.com/v3.0/dialog/oauth"
+      site: 'https://graph.facebook.com/v7.0',
+      authorize_url: "https://www.facebook.com/v7.0/dialog/oauth"
     }
 end
 ```
@@ -85,9 +87,7 @@
     name: 'Joe Bloggs',
     first_name: 'Joe',
     last_name: 'Bloggs',
-    image: 'http://graph.facebook.com/1234567/picture?type=square',
-    urls: { Facebook: 'http://www.facebook.com/jbloggs' },
-    location: 'Palo Alto, California',
+    image: 'http://graph.facebook.com/1234567/picture?type=square&access_token=...',
     verified: true
   },
   credentials: {
@@ -152,9 +152,7 @@
 
 ## Supported Rubies
 
-- Ruby MRI (1.9.3+)
-- JRuby (1.9 mode)
-- RBX (2.1.1+)
+- Ruby MRI (2.5, 2.6, 2.7, 3.0)
 
 ## License
 
diff --git a/example/Gemfile.lock b/example/Gemfile.lock
index aea783c..ca6ec23 100644
--- a/example/Gemfile.lock
+++ b/example/Gemfile.lock
@@ -1,54 +1,58 @@
 PATH
-  remote: ../
+  remote: ..
   specs:
-    omniauth-facebook (3.0.0)
+    omniauth-facebook (8.0.0)
       omniauth-oauth2 (~> 1.2)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    backports (3.6.8)
-    faraday (0.9.2)
+    backports (3.15.0)
+    faraday (1.1.0)
       multipart-post (>= 1.2, < 3)
-    hashie (3.4.4)
-    jwt (1.5.1)
-    multi_json (1.12.1)
-    multi_xml (0.5.5)
-    multipart-post (2.0.0)
-    oauth2 (1.1.0)
-      faraday (>= 0.8, < 0.10)
-      jwt (~> 1.0, < 1.5.2)
+      ruby2_keywords
+    hashie (4.1.0)
+    jwt (2.2.2)
+    multi_json (1.14.1)
+    multi_xml (0.6.0)
+    multipart-post (2.1.1)
+    mustermann (1.1.1)
+      ruby2_keywords (~> 0.0.1)
+    oauth2 (1.4.4)
+      faraday (>= 0.8, < 2.0)
+      jwt (>= 1.0, < 3.0)
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
       rack (>= 1.2, < 3)
-    omniauth (1.3.1)
-      hashie (>= 1.2, < 4)
-      rack (>= 1.0, < 3)
-    omniauth-oauth2 (1.4.0)
-      oauth2 (~> 1.0)
-      omniauth (~> 1.2)
-    rack (1.6.4)
-    rack-protection (1.5.3)
+    omniauth (1.9.1)
+      hashie (>= 3.4.6)
+      rack (>= 1.6.2, < 3)
+    omniauth-oauth2 (1.7.0)
+      oauth2 (~> 1.4)
+      omniauth (~> 1.9)
+    rack (2.2.3)
+    rack-protection (2.0.8.1)
       rack
-    rack-test (0.6.3)
-      rack (>= 1.0)
-    sinatra (1.4.7)
-      rack (~> 1.5)
-      rack-protection (~> 1.4)
-      tilt (>= 1.3, < 3)
-    sinatra-contrib (1.4.7)
-      backports (>= 2.0)
+    ruby2_keywords (0.0.2)
+    sinatra (2.0.8.1)
+      mustermann (~> 1.0)
+      rack (~> 2.0)
+      rack-protection (= 2.0.8.1)
+      tilt (~> 2.0)
+    sinatra-contrib (2.0.8.1)
+      backports (>= 2.8.2)
       multi_json
-      rack-protection
-      rack-test
-      sinatra (~> 1.4.0)
-      tilt (>= 1.3, < 3)
+      mustermann (~> 1.0)
+      rack-protection (= 2.0.8.1)
+      sinatra (= 2.0.8.1)
+      tilt (~> 2.0)
     sinatra-reloader (1.0)
       sinatra-contrib
-    tilt (2.0.5)
+    tilt (2.0.10)
 
 PLATFORMS
   ruby
+  x64-mingw32
 
 DEPENDENCIES
   omniauth-facebook!
@@ -56,4 +60,4 @@
   sinatra-reloader
 
 BUNDLED WITH
-   1.12.5
+   1.17.3
diff --git a/example/app.rb b/example/app.rb
index 47d6514..a94f8a1 100644
--- a/example/app.rb
+++ b/example/app.rb
@@ -1,6 +1,7 @@
 require 'sinatra'
 require "sinatra/reloader"
 require 'yaml'
+require 'json'
 
 # configure sinatra
 set :run, false
@@ -27,8 +28,8 @@
       <script type="text/javascript">
         window.fbAsyncInit = function() {
           FB.init({
-            appId: '#{ENV['APP_ID']}',
-            version: 'v2.6',
+            appId: '#{ENV['FACEBOOK_APP_ID']}',
+            version: 'v4.0',
             cookie: true // IMPORTANT must enable cookies to allow the server to access the session
           });
           console.log("fb init");
@@ -81,5 +82,5 @@
 # - ajax request made here for client-side flow
 get '/auth/:provider/callback' do
   content_type 'application/json'
-  MultiJson.encode(request.env)
+  JSON.dump(request.env)
 end
diff --git a/example/config.ru b/example/config.ru
index c826e0c..0cbde4b 100644
--- a/example/config.ru
+++ b/example/config.ru
@@ -5,7 +5,7 @@
 use Rack::Session::Cookie, secret: 'abc123'
 
 use OmniAuth::Builder do
-  provider :facebook, ENV['APP_ID'], ENV['APP_SECRET']
+  provider :facebook, ENV['FACEBOOK_APP_ID'], ENV['FACEBOOK_APP_SECRET']
 end
 
 run Sinatra::Application
diff --git a/lib/omniauth/facebook/version.rb b/lib/omniauth/facebook/version.rb
index 3b9c88c..2575cf1 100644
--- a/lib/omniauth/facebook/version.rb
+++ b/lib/omniauth/facebook/version.rb
@@ -1,5 +1,5 @@
 module OmniAuth
   module Facebook
-    VERSION = "4.0.0"
+    VERSION = '9.0.0'
   end
 end
diff --git a/lib/omniauth/strategies/facebook.rb b/lib/omniauth/strategies/facebook.rb
index d73d6ad..89e8907 100644
--- a/lib/omniauth/strategies/facebook.rb
+++ b/lib/omniauth/strategies/facebook.rb
@@ -10,10 +10,11 @@
       class NoAuthorizationCodeError < StandardError; end
 
       DEFAULT_SCOPE = 'email'
+      DEFAULT_FACEBOOK_API_VERSION = 'v5.0'.freeze
 
       option :client_options, {
-        site: 'https://graph.facebook.com/v2.6',
-        authorize_url: "https://www.facebook.com/v2.6/dialog/oauth",
+        site: "https://graph.facebook.com/#{DEFAULT_FACEBOOK_API_VERSION}",
+        authorize_url: "https://www.facebook.com/#{DEFAULT_FACEBOOK_API_VERSION}/dialog/oauth",
         token_url: 'oauth/access_token'
       }
 
@@ -22,7 +23,11 @@
         param_name: 'access_token'
       }
 
+      option :authorization_code_from_signed_request_in_cookie, nil
+
       option :authorize_options, [:scope, :display, :auth_type]
+
+      option :secure_image_url, true
 
       uid { raw_info['id'] }
 
@@ -76,7 +81,7 @@
       #      phase and it must match during the access_token phase:
       #      https://github.com/facebook/facebook-php-sdk/blob/master/src/base_facebook.php#L477
       def callback_url
-        if @authorization_code_from_signed_request_in_cookie
+        if options.authorization_code_from_signed_request_in_cookie
           ''
         else
           # Fixes regression in omniauth-oauth2 v1.4.0 by https://github.com/intridea/omniauth-oauth2/commit/85fdbe117c2a4400d001a6368cc359d88f40abc7
@@ -131,7 +136,7 @@
           yield
         elsif code_from_signed_request = signed_request_from_cookie && signed_request_from_cookie['code']
           request.params['code'] = code_from_signed_request
-          @authorization_code_from_signed_request_in_cookie = true
+          options.authorization_code_from_signed_request_in_cookie = true
           # NOTE The code from the signed fbsr_XXX cookie is set by the FB JS SDK will confirm that the identity of the
           #      user contained in the signed request matches the user loading the app.
           original_provider_ignores_state = options.provider_ignores_state
@@ -140,7 +145,7 @@
             yield
           ensure
             request.params.delete('code')
-            @authorization_code_from_signed_request_in_cookie = false
+            options.authorization_code_from_signed_request_in_cookie = false
             options.provider_ignores_state = original_provider_ignores_state
           end
         else
@@ -159,13 +164,15 @@
         uri_class = options[:secure_image_url] ? URI::HTTPS : URI::HTTP
         site_uri = URI.parse(client.site)
         url = uri_class.build({host: site_uri.host, path: "#{site_uri.path}/#{uid}/picture"})
+        query = { access_token: access_token.token }
 
-        query = if options[:image_size].is_a?(String) || options[:image_size].is_a?(Symbol)
-          { type: options[:image_size] }
+        if options[:image_size].is_a?(String) || options[:image_size].is_a?(Symbol)
+          query[:type] = options[:image_size]
         elsif options[:image_size].is_a?(Hash)
-          options[:image_size]
+          query.merge!(options[:image_size])
         end
-        url.query = Rack::Utils.build_query(query) if query
+
+        url.query = Rack::Utils.build_query(query)
 
         url.to_s
       end
diff --git a/omniauth-facebook.gemspec b/omniauth-facebook.gemspec
index 39bbbce..7886839 100644
--- a/omniauth-facebook.gemspec
+++ b/omniauth-facebook.gemspec
@@ -8,7 +8,7 @@
   s.authors  = ['Mark Dodwell', 'Josef Šimánek']
   s.email    = ['mark@madeofcode.com', 'retro@ballgag.cz']
   s.summary  = 'Facebook OAuth2 Strategy for OmniAuth'
-  s.homepage = 'https://github.com/mkdynamic/omniauth-facebook'
+  s.homepage = 'https://github.com/simi/omniauth-facebook'
   s.license  = 'MIT'
 
   s.files         = `git ls-files`.split("\n")
diff --git a/test/helper.rb b/test/helper.rb
index bd1b82b..1fdeba5 100644
--- a/test/helper.rb
+++ b/test/helper.rb
@@ -41,6 +41,9 @@
 
     @client_id = '123'
     @client_secret = '53cr3tz'
+    @options = {}
+
+    @facebook_api_version = OmniAuth::Strategies::Facebook::DEFAULT_FACEBOOK_API_VERSION
   end
 
   def strategy
@@ -53,4 +56,4 @@
   end
 end
 
-Dir[File.expand_path('../support/**/*', __FILE__)].each &method(:require)
+Dir[File.expand_path('../support/**/*', __FILE__)].each(&method(:require))
diff --git a/test/strategy_test.rb b/test/strategy_test.rb
index b793c73..dae8544 100644
--- a/test/strategy_test.rb
+++ b/test/strategy_test.rb
@@ -9,11 +9,11 @@
 
 class ClientTest < StrategyTestCase
   test 'has correct Facebook site' do
-    assert_equal 'https://graph.facebook.com/v2.6', strategy.client.site
+    assert_equal "https://graph.facebook.com/#{@facebook_api_version}", strategy.client.site
   end
 
   test 'has correct authorize url' do
-    assert_equal 'https://www.facebook.com/v2.6/dialog/oauth', strategy.client.options[:authorize_url]
+    assert_equal "https://www.facebook.com/#{@facebook_api_version}/dialog/oauth", strategy.client.options[:authorize_url]
   end
 
   test 'has correct token url with versioning' do
@@ -95,41 +95,67 @@
 end
 
 class InfoTest < StrategyTestCase
-  test 'returns the secure facebook avatar url when `secure_image_url` option is specified' do
+  def setup
+    super
+    @access_token = stub('OAuth2::AccessToken')
+    @access_token.stubs(:token).returns('test_access_token')
+  end
+
+  test 'returns the secure facebook avatar url when `secure_image_url` option is set to true' do
     @options = { secure_image_url: true }
     raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
     strategy.stubs(:raw_info).returns(raw_info)
-    assert_equal 'https://graph.facebook.com/v2.6/321/picture', strategy.info['image']
+    strategy.stubs(:access_token).returns(@access_token)
+    assert_equal "https://graph.facebook.com/#{@facebook_api_version}/321/picture?access_token=test_access_token", strategy.info['image']
+  end
+
+  test 'returns the non-ssl facebook avatar url when `secure_image_url` option is set to false' do
+    @options = { secure_image_url: false }
+    raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
+    strategy.stubs(:raw_info).returns(raw_info)
+    strategy.stubs(:access_token).returns(@access_token)
+    assert_equal "http://graph.facebook.com/#{@facebook_api_version}/321/picture?access_token=test_access_token", strategy.info['image']
+  end
+
+  test 'returns the secure facebook avatar url when `secure_image_url` option is omitted' do
+    raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
+    strategy.stubs(:raw_info).returns(raw_info)
+    strategy.stubs(:access_token).returns(@access_token)
+    assert_equal "https://graph.facebook.com/#{@facebook_api_version}/321/picture?access_token=test_access_token", strategy.info['image']
   end
 
   test 'returns the image_url based of the client site' do
     @options = { secure_image_url: true, client_options: {site: "https://blah.facebook.com/v2.2"}}
     raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
     strategy.stubs(:raw_info).returns(raw_info)
-    assert_equal 'https://blah.facebook.com/v2.2/321/picture', strategy.info['image']
+    strategy.stubs(:access_token).returns(@access_token)
+    assert_equal "https://blah.facebook.com/v2.2/321/picture?access_token=test_access_token", strategy.info['image']
   end
 
   test 'returns the image with size specified in the `image_size` option' do
     @options = { image_size: 'normal' }
     raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
     strategy.stubs(:raw_info).returns(raw_info)
-    assert_equal 'http://graph.facebook.com/v2.6/321/picture?type=normal', strategy.info['image']
+    strategy.stubs(:access_token).returns(@access_token)
+    assert_equal "https://graph.facebook.com/#{@facebook_api_version}/321/picture?access_token=test_access_token&type=normal", strategy.info['image']
   end
 
   test 'returns the image with size specified as a symbol in the `image_size` option' do
     @options = { image_size: :normal }
     raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
     strategy.stubs(:raw_info).returns(raw_info)
-    assert_equal 'http://graph.facebook.com/v2.6/321/picture?type=normal', strategy.info['image']
+    strategy.stubs(:access_token).returns(@access_token)
+    assert_equal "https://graph.facebook.com/#{@facebook_api_version}/321/picture?access_token=test_access_token&type=normal", strategy.info['image']
   end
 
   test 'returns the image with width and height specified in the `image_size` option' do
     @options = { image_size: { width: 123, height: 987 } }
     raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
     strategy.stubs(:raw_info).returns(raw_info)
+    strategy.stubs(:access_token).returns(@access_token)
     assert_match 'width=123', strategy.info['image']
     assert_match 'height=987', strategy.info['image']
-    assert_match 'http://graph.facebook.com/v2.6/321/picture?', strategy.info['image']
+    assert_match "https://graph.facebook.com/#{@facebook_api_version}/321/picture?access_token=test_access_token", strategy.info['image']
   end
 end
 
@@ -138,6 +164,10 @@
     super
     @raw_info ||= { 'name' => 'Fred Smith' }
     strategy.stubs(:raw_info).returns(@raw_info)
+
+    access_token = stub('OAuth2::AccessToken')
+    access_token.stubs(:token).returns('test_access_token')
+    strategy.stubs(:access_token).returns(access_token)
   end
 
   test 'returns the name' do
@@ -176,7 +206,7 @@
 
   test 'returns the facebook avatar url' do
     @raw_info['id'] = '321'
-    assert_equal 'http://graph.facebook.com/v2.6/321/picture', strategy.info['image']
+    assert_equal "https://graph.facebook.com/#{@facebook_api_version}/321/picture?access_token=test_access_token", strategy.info['image']
   end
 
   test 'returns the Facebook link as the Facebook url' do
@@ -215,6 +245,10 @@
     super
     @raw_info ||= { 'name' => 'Fred Smith' }
     strategy.stubs(:raw_info).returns(@raw_info)
+
+    access_token = stub('OAuth2::AccessToken')
+    access_token.stubs(:token).returns('test_access_token')
+    strategy.stubs(:access_token).returns(access_token)
   end
 
   test 'has no email key' do
@@ -258,7 +292,7 @@
     @options = {appsecret_proof: @appsecret_proof, fields: 'name,email'}
   end
 
-  test 'performs a GET to https://graph.facebook.com/v2.6/me' do
+  test "performs a GET to https://graph.facebook.com/#{@facebook_api_version}/me" do
     strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
     strategy.stubs(:access_token).returns(@access_token)
     params = {params: @options}
@@ -266,7 +300,7 @@
     strategy.raw_info
   end
 
-  test 'performs a GET to https://graph.facebook.com/v2.6/me with locale' do
+  test "performs a GET to https://graph.facebook.com/#{@facebook_api_version}/me with locale" do
     @options.merge!({ locale: 'cs_CZ' })
     strategy.stubs(:access_token).returns(@access_token)
     strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
@@ -275,7 +309,7 @@
     strategy.raw_info
   end
 
-  test 'performs a GET to https://graph.facebook.com/v2.6/me with info_fields' do
+  test "performs a GET to https://graph.facebook.com/#{@facebook_api_version}/me with info_fields" do
     @options.merge!({info_fields: 'about'})
     strategy.stubs(:access_token).returns(@access_token)
     strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
@@ -284,7 +318,7 @@
     strategy.raw_info
   end
 
-  test 'performs a GET to https://graph.facebook.com/v2.6/me with default info_fields' do
+  test "performs a GET to https://graph.facebook.com/#{@facebook_api_version}/me with default info_fields" do
     strategy.stubs(:access_token).returns(@access_token)
     strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
     params = {params: {appsecret_proof: @appsecret_proof, fields: 'name,email'}}
@@ -452,7 +486,7 @@
     end
 
     test 'empty param' do
-      assert_equal nil, strategy.send(:signed_request_from_cookie)
+      assert_nil strategy.send(:signed_request_from_cookie)
     end
   end