OAuth Code for Google/YouTube #2
Conversation
realm/functions/get_token/source.js
Outdated
| } | ||
|
|
||
| return tokens.access_token | ||
| }; |
There was a problem hiding this comment.
No newline at end of file. GitHub is mad at you.
realm/functions/get_token/source.js
Outdated
| const tokens_collection = context.services.get("mongodb-atlas").db("auth").collection("auth_tokens"); | ||
|
|
||
| // Look up tokens: | ||
| let tokens = await tokens_collection.findOne({_id: "youtube"}); |
There was a problem hiding this comment.
Is this a YouTube-specific function? If so, should we name it or add a comment to indicate it's for YouTube and not generic?
There was a problem hiding this comment.
My plan is to make it generic. So the name's probably correct, but it'll take a parameter that determines which service it's authenticating against.
| const CLIENT_ID = context.values.get("GOOGLE_CLIENT_ID"); | ||
| const CLIENT_SECRET = context.values.get("GOOGLE_CLIENT_SECRET"); | ||
|
|
||
| const tokens_collection = context.services.get("mongodb-atlas").db("auth").collection("auth_tokens"); |
There was a problem hiding this comment.
Genuine question - not sure what the best practices are. Are we comfortable hard-coding these strings? We could put them in values, but then to access them we still have to use a string. Wish we had genuine constants we could reference, but I'm failing to think of a way we could do it.
There was a problem hiding this comment.
I know what you mean. The reason I assigned the collection to a variable was so that the database/collection was only hard-coded in once place.
If we put it in a value, it implies the database and collection will be different for different deployments. I suppose if you were connecting this Realm app to a cluster that's also used for other things, then you might want to use a custom database/collection name?
| @@ -0,0 +1,98 @@ | |||
|
|
|||
There was a problem hiding this comment.
Looks like this is specific to YouTube. Can you add a comment to the top indicating what this function is doing?
There was a problem hiding this comment.
It's currently specific to YouTube, but it will be generic. (There will be a configuration object in the database for each oauth provider, I think)
| } | ||
| } | ||
| } | ||
| }; |
There was a problem hiding this comment.
GitHub is still mad at you
|
|
||
| // MongoDBofficial Channel ID: | ||
| // (Obtained from: https://www.youtube.com/account_advanced) | ||
| const ACCOUNT_ID = context.values.get("GOOGLE_ACCOUNT_ID"); //"UCK_m2976Yvbx-TyDLw7n1WA"; |
There was a problem hiding this comment.
Doesn't look like this is being used
| @@ -0,0 +1,5 @@ | |||
| { | |||
There was a problem hiding this comment.
Is it OK to have this in our public repo? I'm guessing yes, but just confirming
There was a problem hiding this comment.
Yes, it's public information - but thanks for checking! (This kind of thing scares me silly)
* Add initial oauth implementation. * URL is obtained from context now, so this might actually work. * Adding template value. * Saving tokens in Atlas. * Added get_token function. Backing up webhooks. * Updating webhooks and cleaning up some files. * Corrections pointed out by Lauren
If you've already linked the MongoDB YouTube account with your Google App, then you've missed the chance to get a refresh token. You'll need to revoke your token
In order to revoke your token, you'll need a valid access token. If you have one of these, skip to revoke your token, if not...
Obtain an access token
Go to your oauth webhook, and follow the steps to authorize access to the MongoDB YouTube account. When you see
{"message":"ok"}you've completed the process 🙂Revoke your token
Now load up your collections in Atlas, and look in
auth.auth_tokens. There should be one document, and it should have anaccess_token(but norefresh_token). Copy and paste it into the following terminal command:Re-auth your app
Now you need to go back to the oauth endpoint and re-authorize. When you're done, you should have a document in your
auth.auth_tokenscollection with arefresh_token. You're good to go!