I wanted to write a Meteor app that can post a tweet. Since accounts-twitter goes through the whole OAuth process and has all the data needed to make an authorized call to the Twitter API, I thought that's gonna be no problem.
As it turns out, it's a little trickier than that. By default, accounts-twitter only exports the profile with the name of the logged-in user. I augmented that to include the OAuth information - but in a stupid way: https://github.com/AVGP/meteor/commit/da29e812437c5e7b929599d8e2f4ff79279bfeb7
I am unhappy with this, because:
1.) It should not be in the "profile", but on the top level (for which I need to touch the accounts-base/accounts-server.js, I guess).
2.) It should not be accessible on the client side (I guess), because that would allow stealing this info via XSS etc.
Can anybody give me some hint on how to implement that "properly"?
Thanks a lot!
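
The two concerns in the post (credentials outside "profile", and never sent to the browser) can be sketched in plain JavaScript as below. This is an added example, not part of the original post and not Meteor's own code; the `services.twitter` layout, the field names, `MAX_LEN` and the `sendSigned` callback are assumptions made for illustration.

```javascript
// Constructed sample record; the field layout is an assumption for this sketch.
const users = new Map([
  ["u1", {
    _id: "u1",
    profile: { name: "Alice Example" },   // fine to show in the browser
    services: { twitter: {                // server-only credentials
      id: "12345",
      accessToken: "SAMPLE-ACCESS-TOKEN",
      accessTokenSecret: "SAMPLE-TOKEN-SECRET",
    } },
  }],
]);

const CLIENT_FIELDS = ["_id", "profile"]; // allow-list of top-level fields
const MAX_LEN = 140;                      // assumed length limit for the sketch

// Build the copy of a user document that may be sent to the client.
// An allow-list means a newly added server-side field is private by default.
function publishToClient(user) {
  const out = {};
  for (const key of CLIENT_FIELDS) {
    if (key in user) out[key] = JSON.parse(JSON.stringify(user[key]));
  }
  return out;
}

// Defensive check: return the paths of credential-like keys in a document,
// e.g. to assert in a test that nothing secret reaches the client copy.
function findSecretPaths(doc, prefix = "") {
  const hits = [];
  for (const [key, value] of Object.entries(doc)) {
    const path = prefix ? `${prefix}.${key}` : key;
    if (/token|secret/i.test(key)) hits.push(path);
    else if (value && typeof value === "object") hits.push(...findSecretPaths(value, path));
  }
  return hits;
}

// Server-side method: the browser supplies only the tweet text; the server
// looks up the credentials itself. `sendSigned` is a hypothetical stand-in
// for whatever OAuth client signs and sends the request.
function postTweet(userId, text, sendSigned) {
  const user = users.get(userId);
  const creds = user && user.services && user.services.twitter;
  if (!creds) throw new Error("no Twitter credentials for this user");
  if (typeof text !== "string" || text.length === 0 || text.length > MAX_LEN) {
    throw new Error("invalid tweet text");
  }
  return sendSigned({ token: creds.accessToken, secret: creds.accessTokenSecret }, text);
}
```

With this split, script running in the page can at most ask the server to post on the user's behalf; it cannot read the token pair out of the client-side user object.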