Meteor / accounts-google: Where is the client secret stored? Is it safe?
After adding packages accounts-google and accounts-ui, and adding {{> loginButtons}} to my meteor app's html, I'm presented with the following button:
This allows me to enter my client id + secret - fantastic!
Where are these stored?
If I'm able to set them without having to login or somehow prove that I'm the owner of the app, does this mean that anybody could set them to something new, by making the same request to my server?
Thanks
Once you set the configuration keys, it won't ask you/your user to enter these credentials again. These secrets are stored in your database, to be specific it is stored in this collectionmeteor_accounts_loginServiceConfiguration. And yes when you're adding the accounts-ui package, all things including securities are done by that package as this package is maintained by mdg(meteor development group). So you can be sure that no one can make request to change/update your credentials.
- google map not displaying on mobile
- Generating a PDF file from React Components
- Token Authentication in Meteor
- React Helmet: Hash Not Accepted?
- How to return value from SOAP function to meteor method?
- cannot start docker daemon (graphdriver issue)
- npm install anything failes with ECONNRESET
- integrate meteor in existing vue 3 application
- Argument of type 'Date' is not assignable to parameter of type 'string'
- How to check if email already exist for a user (emails[0].address) before try to use it to change the email of another user?
- Twilio Voice and Meteor.js - Can’t Get req.body In WebApp.handlers.use()?
- Meteor server api using iron router returns HTML not the response
- In Meteor with Iron router how would I redirect to a thank you URL stored in the database after form submission
- Meteor: Iron route not to the right route
- Meteor GoogleMaps.load() not working on iOS with Iron
- How to delete Iron Router history
- Iron Router / Meteor - How can I pass data from the controller to the template?
- Meteor Rendering Templates with Functions
- Meteor Unable to Render Dynamic Templates
- Timeout error when running tests on Meteor demo app
- React Router: Accessing Params in the Server for SSR
- How to import bootstrap 5 javascript plugins into Meteor-Svelte project
- How to decrement like $dec?
- Meteor template Blaze how to return only first element of array
- this.unblock in a method if the method is non-blocking
- Why is it not possible to use spacebars to insert a style for an HTML element?
- connect.multipart() will be removed in connect 3.0 on meteor startup
- Helmet Rejects Localhost Even Though it is Included in Script-Src?
- mocha "describe" is not defined
- Setup for Helmet and ReportURi?