Day fifteen: markright

October 10, 2015

Markright is an app where users can write and store their markdown documents.

live demo

The challenge in this app was the custom github authentication. Having minimal experience with oauth. I jumped right in. First things first. Github authentication requires a client id and a secret string. These can be acquired on the github profile page. Nice, awesome. That was easy. Moving on to using this information inside the app.

Defining these credentials inside the app as variables is very foolish. Why? Please read this article. It won’t take long. I will wait. Back? Ok, cool. Now that you understand the problem. Lets find a solution.

So to reiterate. I do not want the keys to be visible inside the code like this:

var clientId = '<my github client id>';

This is very bad. Lucky for us. Meteor provides the developer to set a configuration or settings file if you will. Where sensitive data can be stored. I created a settings.json file and start the Meteor server with the command

meteor run --settings settings.json

Add this file to .gitignore and we are good to go. The data is now accessible via Meteor.settings anywhere inside the app.

Configuring the login service was very trivial after that.

Meteor.startup(function () {
  let config = Meteor.settings;
    service: 'github'
  }, {
    $set: config.github

That’s it! Now on the client I can call Meteor.loginWithGithub and the authentication is done!

I had a lot of fun working on this and I learned that oauth isn’t that much of a pain when using the right tool for the job. Please leave a star on the repo and tell me what you think.