Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

chipchat-tokens-to-google-secretmanager-mixin

Package Overview
Dependencies
Maintainers
1
Versions
28
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

chipchat-tokens-to-google-secretmanager-mixin

ChatShipper uses access tokens (token and refreshToken) to gain access to the api. You normally pass them when you initilialize the sdk like this: ```js const Sdk = require('chipchat'); const api = new Sdk({ token: 'your access token', refreshToken: 'your

  • 1.4.0
  • npm
  • Socket score

Version published
Weekly downloads
30
increased by1400%
Maintainers
1
Weekly downloads
 
Created
Source

Store Authentication tokens of ChatShipper in Google Cloud Secret Storage

ChatShipper uses access tokens (token and refreshToken) to gain access to the api. You normally pass them when you initilialize the sdk like this:

const Sdk = require('chipchat');
const api = new Sdk({ token: 'your access token', refreshToken: 'your refresh token'})

You get these tokens via the interface of ChatShipper by going to the user or bot that you want to use when accessing the api and in it's properties panel you can generate tokens.

These tokens expire though. And altough the chipchat sdk will automatically refresh the tokens for you, when the access token expires, the sdk will request new tokens with the refreshToken, it only remembers those tokens while the app is running. When you restart it will use the tokens you passed to the initilialization process again. Which will work as long as the refreshToken is valid, which is a month (at the moment)

So you need some way to store the (new) tokens somewhere save and reuse them. Tokens give access and should be kept very save. Do not commit tokens to github or put them in env variable even.

Big cloud platforms like Google or AWS have special secret stores where you can savely store tokens.

This package uses the Google Secret Manager to store the tokens. It idoes so by overwriting the special chipchat functions getTokens and setTokens via a mixin to add the store to google secrets functionality.

You need to have basic understandings of the Google platform and have your service account file with sufficient rights to the project stored locally.

Before you can use this, you have to set the _tokens in the store from the CLI (terminal) with:

#first we export some stuff to make the command more readable

export GOOGLE_APPLICATION_CREDENTIALS=/full/path/to/serviceaccountfile.json   #Get access to your project
# security tip: add a space in front of the tokens to prevent them from being stored in your (bash) history
 export TOKEN=<paste your access token here>
 export REFRESHTOKEN=<paste your refresh token here>
export WPROJECT=<type the name of the project in google where you will create the secret and the service account has acces to>
export BOTID=<paste the bot id here>
export CONCERSATION=<paste a conversation id (from CS UI) here. we will retrieve this conv as an example>

#then create the secret holding the bots tokens:
echo -n '{"token":"'$TOKEN'", "refreshToken":"'$REFRESHTOKEN'"}' | gcloud secrets create ${BOTID}_tokens \
  --data-file=- --replication-policy automatic --project $WPROJECT

Now that you have got you tokens in the store, lets use them via the mixin module like this:

const ChipChat = require('chipchat');
const { getTokens, setTokens } = require('chipchat-tokens-to-google-secretmanager-mixin');

ChipChat.mixin({ getTokens, setTokens });

// The bots email is needed to request new tokens
// and to get and store the tokens in/from the google secrest store.
// The bots user id that is found in
// the properties panel of the bot (if you are the bot owner)

const email = `bot+${process.env.BOTID}@chatshipper.com`;
const bot = new ChipChat({ email }); // no need for tokens, they will be retrieved from the secret store now

// As an example we will get a conversation and dump it to the console.
const conversationid = process.env.CONVERSATION;
bot.conversations.get(conversationid).then(console.log);

test.js

install the needed packages and test with node version 10 (use nvm) or higher:

npm init # enter enter enter etc
npm i -s chipchat chipchat-tokens-to-google-secretmanager-mixin
DEBUG=* node test.js

FAQs

Package last updated on 24 Jun 2021

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc