feat: Update how we store secrets in the extension

[Dr0p42]

Make use of api.naas.ai/secret

Goal

The goal is to now make use of api.naas.ai/secret to make it easier for the extension to update linkedin:

• LI_AT
• JSESSIONID

You can see the full spec on https://api.naas.ai/docs.

Authenticate over api.naas.ai

The authentication process is a bit different than before. The way it works now is that you need to grab an access_token from naas.ai. So, as a user, when I login into naas.ai, the token in stored in the local storage as you can see here:

Now if you grab this access_token you can trade it for what we call a "long lived token" on this url: https://auth.naas.ai/bearer/workspace/longlived, you can find the documentation here: https://auth.naas.ai/docs#/default/workspace_token_to_longlived_jwt_bearer_workspace_longlived_get

The documentation allows you to test it directly:

Once you have the token, you should safely store it in the local storage of the extension for future use.

It should be passed like Authorization: Bearer <longlivedtoken> in HTTP headers.

Use the secret api

Here you can find the documentation of the secrets endpoints: https://api.naas.ai/docs#/secret

As you can see you can:

• List
• Create: This one will create and/or update if it already exists.
• Get:
• Delete

Linkedin example

Let's say you need to update the LI_AT secret, you should be able to do it like so:

var myHeaders = new Headers();
myHeaders.append("Content-Type", "application/json");
myHeaders.append("Accept", "application/json");
myHeaders.append("Authorization", "Bearer <The Long lived token>");

var raw = JSON.stringify({
  "secret": {
    "name": "LI_AT",
    "value": "MyLIATToken"
  }
});

var requestOptions = {
  method: 'POST',
  headers: myHeaders,
  body: raw,
  redirect: 'follow'
};

fetch("https://api.naas.ai/secret/", requestOptions)
  .then(response => response.text())
  .then(result => console.log(result))
  .catch(error => console.log('error', error));

[Dr0p42]

This is done