We want to setup API keys for accessing our REST APIs. These should be linked to the user, as it is usually the case with these kind of keys.
Meteor itself stores tokens under the services
key of the user collection. It contains a key for every login service, but also a key resume
for session resume tokens.
I know that these keys are typically created by login services (via ServiceConfiguration), and that the keys for enabled login services are kept in meteor_accounts_loginServiceConfiguration
.
This made me wonder if it is safe to add keys to the user’s service
key, unless they conflict with any of the keys setup in meteor_accounts_loginServiceConfiguration
?