After adding packages accounts-google and accounts-ui, and adding {{> loginButtons}} to my meteor app's html, I'm presented with the following button:
This allows me to enter my client id + secret - fantastic!
Where are these stored?
If I'm able to set them without having to login or somehow prove that I'm the owner of the app, does this mean that anybody could set them to something new, by making the same request to my server?
Thanks
Once you set the configuration keys, it won't ask you/your user to enter these credentials again. These secrets are stored in your database, to be specific it is stored in this collectionmeteor_accounts_loginServiceConfiguration
. And yes when you're adding the accounts-ui package, all things including securities are done by that package as this package is maintained by mdg(meteor development group)
. So you can be sure that no one can make request to change/update your credentials.