Parse-server: Custom auth documentation on wiki insufficient

You can't really migrate custom auth from parse.com to hosted parse, but i agree the documentation could me clearer.

What do you need in particular? Using the provided auth services or developing new ones?

We have custom cloud code working on Parse.com that exchanges an auth token from our auth provider for a Parse session token. This code was implemented prior to revocable sessions and the app on Parse.com has not been migrated to revocable sessions. We are now working on migrating to self-hosted parse-server which only supports revocable sessions. The documentation for custom auth for Parse.com was never very good and it's even worse for parse-server. Trying to do both things at once, migrate to revocable sessions and self-hosted parse-server, with custom cloud code is proving to be a mess.

For parse-server you don't need custom cloud code for custom authentication if you wish to leverage the current infrastructure. Otherwise your code should work as is, (given that you upgrade to revocable sessions). The new oauth mechanism have to be triggered from the clients, not from Cloud Code.

Is there any documentation on the new oauth mechanism for mobile, non-web clients? Is there any documentation on how to support revocable sessions in custom cloud code?

See: http://parseplatform.github.io/docs/parse-server/guide/#oauth-and-3rd-party-authentication

And: https://parseplatform.github.io/Parse-SDK-iOS-OSX/api/Classes/PFUser.html#/c:objc(cs)PFUser(cm)registerAuthenticationDelegate:forAuthType:

Yeah, I've looked at the first link and that documentation on third-party auth is so thin. It describes the what but not the how.

There are plenty of examples here: https://github.com/ParsePlatform/parse-server/blob/master/spec/OAuth.spec.js

Hello,

I have been struggling now for a few days to get an 3rd party auth working.

Case is as followed:

• I have an existing parse application with user accounts and want to move in an 3rd authentication & identity provider (keycloak).
• I have three clients : one IOS App, one Android app and one web app in Angular 1 -> the web client uses Parse Javascript SDK. Keycloak provides their own javascript SDK
• For now I am working on the web app authentication. Intention is when the web page is opens , the user get's redirected to the identity provider's logon page, gives id and pass, gets authenticated, provider redirects with oauth tokens..

After a lot of searching in the code and examples I have managed to make the following work.

• I created a auth adapter and plugged it in the parse server. The adapter gets via authData the token to verify -> calls keycloak REST endpoint for verification and returns if ok . This works fine.
• I have integrated the keycloak javascript API in the Angular app, the api gets initialized, user gets redirected, tokens are recieved and stored in session. This also works fine

Question is now , how do I link this with the existing account in Parse ?

I can create an authData object with access_code and call Parse.User.loginWith('keycloak', authdata). This works off course, but I always get a new user object.

I cannot figure out where the link is made with the existing user? I expected to get at some point the actual Parse user object back to continue to work in the web app.

I am obviously missing something here, but cannot find a lot of more info.

Can you help me ?

Thank you

Bart

Hey Bart,

You can use the user._linkWith('keycloak', authdata) if you have a user already authenticated, I'm not sure why the methods is _linkWith as it should be public now :)

Hi, thank you for the quick reply.

I understand. But where do I get the user object ? At this stage I am not yet logged in in parse.
I already tried searching for a user based on username:

var uquery = new Parse.Query("_User");
        uquery.equalTo("username", $rootScope.currentUser.id);
        uquery.first().then(
          function(user) {
            user._linkWith('keycloak', authData);
          }
        );

I get somewhere in my logs a 400 error on a POST

POST https://<server>/classes/_User/HnYaR1wINR 400 (Bad Request)

In my production app, the public read is false by the way. Not sure if this can work. Master key is also not an option in the client.

Any suggestions ?

Hi,

The 400 error shows up as followed in my server log:

3|dev-iam- | error: Error generating response. ParseError { code: 206, message: 'Cannot modify user hHuQ3k41Aj.' } code=206, message=Cannot modify user hHuQ3k41Aj.
3|dev-iam- | error: Cannot modify user hHuQ3k41Aj. code=206, message=Cannot modify user hHuQ3k41Aj.
`

Hi,

I found following section in the REST documentation:

https://parseplatform.github.io/docs/rest/guide/#linking

If I create the user manually in the Dashboard and add the authData field manually ... calling the

/users endpoint with the same authData seems to work.

Now need to figure out how to incorporate this in a register-login-logout flow.

Hi
I have added more to the js guide
http://docs.parseplatform.org/js/guide/#linking-users

Awesome! I believe we can close that one now.

All those links are 404... Do you know where they have been moved to?

Im almost 100% certain that this part does not work (with google auth at aleast): https://docs.parseplatform.org/js/guide/#linking-1

You end up getting the following error:

 error: Cannot modify user JzDZZ4XjW5. ParseError: 206 Cannot modify user JzDZZ4XjW5.

I will create a separate issue for this.

@bartroelands Can you post the code you used to connect the server to Keycloak? This would help me and the community a lot about the implementation. Maybe I could improve the documentation with this info.