Reputation: 5954
meteor.js access oAuth token from accounts-twitter in server-side code
I wanted to write a meteor app, that can post a tweet. Since accounts-twitter goes through all the oAuth process and has all the data needed to make an authorized call to the Twitter API, I thought that's gonna be no problem.
As it turns out, it's a little trickier than that. By default, accounts-twitter only exports the profile with the name of the logged in user. I augmented that to include the oAuth information - but in a stupid way: https://github.com/AVGP/meteor/commit/da29e812437c5e7b929599d8e2f4ff79279bfeb7
I am unhappy with this, because: 1.) It should not be in the "profile", but on the top-level (for which I need to touch the accounts-base/accounts-server.js, I guess. 2.) It should not be accessible on the client side (I guess), because that would allow stealing this info via XSS etc.
Can anybody give me some hint on how to implement that "properly"?
Thanks a lot!
Upvotes: 1
Views: 751
Answers (1)
Reputation: 5954
Nevermind - I found it.
Actually, the trick is not to call Meteor.user() on the server side, but doing this instead:
Meteor.users.findOne(...).services.twitter
This gives you all the information and this stuff is hidden on Meteor.user().
Upvotes: 1
Related Questions
- Tweet using application in Twitter with Meteor
- Meteor.js: Linking Twitter and Facebook to a Password based account
- Meteor OAuth Add/Pass Query Params to /oauth/authenticate (Twitter "force_login")
- Security practice for making an external API calls with Meteor
- Meteor 0.6.6.1 - Login with Twitter - auth callback issue
- How to post a tweet with Meteor.js, Twitter and Oauth
- Twitter API 1.1 Oauth w/ Meteor
- Get user followers in meteorjs
- Meteor access tokens
- Auth with twitter on a meteor app