These are chat archives for highfidelity/hifi

23rd
Jun 2016
Mohammed Nafees
@mnafees
Jun 23 2016 17:41
The Google OAuth client secret should be hidden and not be committed to the open source codebase (was about to commit my changes when suddenly I realised it :P ). The secret is usually kept on backend servers for obvious security reasons. What’s the best approach to keep it hidden from the codebase on GitHub?
@Atlante45 Your PR helped me a lot and I successfully got everything up and running. Thanks a tonne!
Google OAuth
This is what I have been up to till now ;)
Clément Brisset
@Atlante45
Jun 23 2016 17:46
I can't see that picture for some reason.
Glad to know it helped!
This is for domain servers federated login right?
@binaryking If this is for what I just said, then I would say that we should most definitely not provide and OAuth token and let the domain owners set that up by themselves.
Clément Brisset
@Atlante45
Jun 23 2016 17:51
(ie. Some setting in the domain server that let you configure your OAuth)
Ideally, your code is generic enough that it would work for any OAuth compliant provider given the right configuration.
Mohammed Nafees
@mnafees
Jun 23 2016 17:52
The image should load fine now
Clément Brisset
@Atlante45
Jun 23 2016 17:52
Just got the image
And realized you are not working on what I said ^^
Mohammed Nafees
@mnafees
Jun 23 2016 17:53
As of now, I am integrating Google OAuth for using their Sheets API
But now, that I think of it, I think an interface to integrate OAuth compliant services would be cool
Clément Brisset
@Atlante45
Jun 23 2016 18:00
The problem is that you don't really want to give you private token to everyone that runs the script. They could abuse it and screw it up for everybody.
Is there a way to generate a token with the account people use to login?
@binaryking Could you make use of this API instead: Access Google APIs from the client side
Whoops
Looks more appropriate for what you want to do and doesn't require a developer token.
Mohammed Nafees
@mnafees
Jun 23 2016 18:07
@Atlante45 let me look into this ...