1 00:00:00,850 --> 00:00:07,220 In the last section we signed up to the Google OAuth API and got our client id and our client secret. 2 00:00:07,220 --> 00:00:11,790 At present we just copy pasted these two tokens into our index.js file. 3 00:00:11,840 --> 00:00:16,670 We just did that in case you took a long break between the last video and this one I did not want you 4 00:00:16,670 --> 00:00:21,600 to have to go hunting around the Google Developer console trying to find these two keys. 5 00:00:21,620 --> 00:00:26,690 Now we're going to hook the keys up to our Google strategy very shortly but before we do I want to 6 00:00:26,690 --> 00:00:31,640 talk a little bit about what these keys are doing for us and some considerations that we have to have 7 00:00:31,640 --> 00:00:32,810 around them. 8 00:00:33,410 --> 00:00:33,760 OK. 9 00:00:33,800 --> 00:00:35,760 So first off the client id. 10 00:00:36,020 --> 00:00:42,950 That is what we refer to as a public token it is completely OK if anyone else in the world gets access 11 00:00:42,950 --> 00:00:45,500 to that client id no problem whatsoever. 12 00:00:45,500 --> 00:00:51,680 All it does is identify our application to Google servers and it's completely OK if we share that token 13 00:00:51,770 --> 00:00:53,100 with the outside world. 14 00:00:53,480 --> 00:00:59,930 However the client secret is a much more secure piece of information as evidenced by the word secret 15 00:01:00,020 --> 00:01:01,150 in it right. 16 00:01:01,160 --> 00:01:07,310 So this client secret is something that we do not want to share with anyone else by mistake or on purpose. 17 00:01:07,430 --> 00:01:12,620 If someone else gets access to our client secret all of a sudden they will have elevated privileges 18 00:01:12,650 --> 00:01:17,060 inside of our account which is definitely a worst case scenario. 19 00:01:17,090 --> 00:01:22,830 So we want to make sure that we do not accidentally share this client secret with the outside world. 
20 00:01:22,850 --> 00:01:25,850 So why is this relevant and why am I bringing this up right now. 21 00:01:26,150 --> 00:01:27,130 Well here's the thing. 22 00:01:27,140 --> 00:01:32,420 At present we have committed to our project using git where you are using source control with git. 23 00:01:32,420 --> 00:01:32,900 Right. 24 00:01:32,960 --> 00:01:35,780 And we did that to do our deployment to Heroku. 25 00:01:35,780 --> 00:01:40,010 Now it's entirely reasonable to assume that you might turn around very shortly and decide that you want 26 00:01:40,010 --> 00:01:42,240 to push your project up to GitHub. 27 00:01:42,710 --> 00:01:47,240 Well if you pushed your project up to GitHub and it contains the client secret. 28 00:01:47,240 --> 00:01:52,820 All of a sudden everyone in the world has access to your repository and GitHub can read your client 29 00:01:52,820 --> 00:01:54,640 secret in plain text. 30 00:01:55,010 --> 00:02:00,470 So in this section we're going to take a very brief detour away from all this passport stuff and we're 31 00:02:00,470 --> 00:02:06,230 going to figure out how we can securely store our client secret inside of our project and make sure 32 00:02:06,230 --> 00:02:09,840 that we do not accidentally push it up to GitHub. 33 00:02:09,860 --> 00:02:14,050 So let's get to it now before we start the actual implementation here. 34 00:02:14,060 --> 00:02:20,960 I want to very quickly say that we're going to do one kind of like brief implementation let's say of 35 00:02:20,960 --> 00:02:25,520 storing this client secret but very shortly we're going to come back and improve it just a little bit 36 00:02:25,880 --> 00:02:29,710 to handle our case where we're deploying to Heroku as well. 37 00:02:30,080 --> 00:02:33,340 So I'm going to give you just a very sneak peek of a diagram here. 38 00:02:33,600 --> 00:02:33,840 OK. 39 00:02:33,860 --> 00:02:36,660 So this is eventually the type of setup we're going to do. 
40 00:02:36,680 --> 00:02:39,980 But right now we're going to take a little bit more straightforward approach but we're going to come 41 00:02:39,980 --> 00:02:44,570 back and implement this flow in just a little bit for handling all the different secrets inside of our 42 00:02:44,570 --> 00:02:45,840 application. 43 00:02:46,460 --> 00:02:46,900 OK. 44 00:02:47,000 --> 00:02:48,150 So here's what we're going to do. 45 00:02:48,350 --> 00:02:50,930 We're going to find our server directory. 46 00:02:50,930 --> 00:02:55,370 We're going to make a new folder inside of there called config. 47 00:02:55,730 --> 00:02:59,860 And then inside of that folder we'll make a new file called keys 48 00:02:59,970 --> 00:03:01,350 .js. 49 00:03:01,580 --> 00:03:07,100 Now we're going to store all of our different sensitive keys inside of this keys.js file and then 50 00:03:07,100 --> 00:03:12,020 we're going to make sure that we never ever commit it to git which means that we'll never accidentally 51 00:03:12,020 --> 00:03:13,090 push it up to GitHub. 52 00:03:14,720 --> 00:03:18,110 So I'm going to go back over to my index.js file. 53 00:03:18,320 --> 00:03:20,030 I'm going to find my client ID. 54 00:03:20,090 --> 00:03:21,350 Here it is right here. 55 00:03:21,530 --> 00:03:24,630 I'm going to select the entire thing and then cut it. 56 00:03:25,100 --> 00:03:29,490 I will then change over to my keys.js file and I'll say module. 57 00:03:29,570 --> 00:03:33,020 exports equals an object. 58 00:03:33,020 --> 00:03:40,180 I'll say Google client id and I'm going to paste the key as a string and make sure that I put a comma 59 00:03:40,280 --> 00:03:42,080 at the very end. 60 00:03:42,770 --> 00:03:48,910 And then as a separate second line I'll say Google client secret. 61 00:03:49,290 --> 00:03:55,190 I'll go back over to the index.js file or copy the client secret and then paste it in here as 62 00:03:55,190 --> 00:03:56,720 a string as well. 
63 00:03:57,330 --> 00:03:57,650 OK. 64 00:03:57,710 --> 00:03:59,570 So just very quick what we just did. 65 00:03:59,570 --> 00:04:02,780 We declared a module.exports statement. 66 00:04:02,780 --> 00:04:09,170 This created an object and assigned it to the module.exports property that allows us to require 67 00:04:09,530 --> 00:04:14,530 both of these properties into another file like say our index.js file. 68 00:04:14,690 --> 00:04:18,980 So the module.exports statement will be seen a couple of times throughout this course and we use 69 00:04:18,980 --> 00:04:25,130 it to export code and make it available to other files inside of our application. 70 00:04:25,130 --> 00:04:30,140 So now that we have access to the client id and the client secret here let's make sure that we never 71 00:04:30,200 --> 00:04:34,400 ever accidentally commit this file to source control with git. 72 00:04:34,400 --> 00:04:37,710 So we're going to find my .gitignore file. 73 00:04:37,850 --> 00:04:42,500 Remember we had previously created the .gitignore file to say that we never wanted to accidentally commit 74 00:04:42,530 --> 00:04:44,720 our node_modules directory. 75 00:04:44,720 --> 00:04:49,320 So inside of here we're going to add the file name of keys 76 00:04:49,430 --> 00:04:50,370 .js. 77 00:04:50,820 --> 00:04:51,190 OK. 78 00:04:51,200 --> 00:04:52,910 And that's pretty much all we have to do. 79 00:04:52,910 --> 00:04:58,190 You'll notice that inside of my code editor my code editor Atom automatically grays out files that will 80 00:04:58,190 --> 00:05:00,430 not be committed to source control. 81 00:05:00,430 --> 00:05:06,830 And so the instant I save my .gitignore file with keys.js keys.js over in the file pane kind 82 00:05:06,830 --> 00:05:12,200 of grays itself out to say oh this file is not going to be committed to git anymore. 83 00:05:13,100 --> 00:05:13,380 All right. 84 00:05:13,370 --> 00:05:14,510 So that's pretty much it. 
85 00:05:14,510 --> 00:05:18,410 Remember this is kind of a temporary solution that we're using right now. 86 00:05:18,470 --> 00:05:23,890 Very shortly we're going to come back and take care of a little bit more complex and robust solution. 87 00:05:24,020 --> 00:05:29,160 But I did not want to kind of stray away too far from the passport stuff that we're doing right now. 88 00:05:30,050 --> 00:05:35,170 As a last step I'm going to clean up the two comments with the client ID and the client secret like so 89 00:05:35,850 --> 00:05:37,320 and I'm going to save this file. 90 00:05:37,680 --> 00:05:38,010 OK. 91 00:05:38,040 --> 00:05:38,810 So that's it. 92 00:05:38,810 --> 00:05:42,890 Let's take a break right now because I wanted to just take care of all this key safety stuff inside 93 00:05:42,890 --> 00:05:47,060 of a single video so we're going to continue on the next section and we'll figure out how we're going 94 00:05:47,060 --> 00:05:52,360 to import that keys.js file and make use of those two keys inside of our Google strategy. 95 00:05:52,520 --> 00:05:54,340 So I'll see you in just a second.