Create a session token in cloud code without password

[davbeck]

I'm trying to login a user from a cloud function. The idea is to return a session token and then have the client use PFUser.become. According to the documentation for getSessionToken should work if using the master key:

Returns the session token for this user, if the user has been logged in, or if it is the result of a query with the master key. Otherwise, returns undefined.

But this doesn't seem to work. It still returns undefined using the following code:

const user = await new Parse.Query(User)
    .equalTo('username', phoneNumber)
    .first({ useMasterKey: true })
console.log('user', user, user.getSessionToken())

Similarly trying to call login without a username or password fails:

await user.logIn({ useMasterKey: true })

I could set a new password and login that way, but it feels like there should be a better solution?

[dplewis]

I think you should pass in an installationId. See my #6636 (comment) to see why it wouldn't work (similar concept).

I did a PR a while ago for this exact issue parse-community/Parse-SDK-JS#1031

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[sadortun]

@davbeck did you get it to work ?

[Chocolladin]

@sadortun @davbeck you managed to find a solution ? i tried passing and installationId also, still gettting undefined ...

[mtrezza]

Reopening as there has been recent activity and the issue still seems to exist.

[mtrezza]

@Chocolladin Would you want to submit a PR with a failing test so we can look into it?

[Chocolladin]

@mtrezza

Dear Manuel, that you for your quick response.

I'am not very familiar with PR and github, not being a dev in the first place, i will try though to be as precise as possible. Here is what i am trying to achieve :

Client side (react-native),

1. login with Firebase, getting an authentified Token and sending this Token to parse server.

On parse server,
2. Verify this token, and if OK,
3. sign corresponding parse user in cloud code.
4. Then getsessionToken, send back to client,
5. and finally on client use Parse.User.become(token).

Step 3 isnt working and here is the code i am using :

const query = new Parse.Query(Parse.User);
query.equalTo('fuid', fuid); //in parse user i have a field with the uid corresponding to firebase user.
	const user = await query.first({useMasterKey: true});
	let installationId ='13245678';
        //await user.logIn({useMasterKey: true, installationId: installationId}); //fails.
        const parseUserSessionToken = await user.getSessionToken({useMasterKey: true, installationId: installationId}); //returns undefined
        console.log('parseUserSessionToken: ', parseUserSessionToken);

NB: Moreover, i am not using the parse-server-firebase authentication module because of 2 reasons :

• I dont want to store tokens in DB,
• Verification against provider (in our case Firebase), is made only on first login and no more. (Consequence for ex: someone can login with an expired firebase token if its this one stored in the authData in DB.)
• See How to validate third party auth token on server? #6443 (comment)

Can this be enough for now ?

Thank you,

Regards,

Bertrand

[Yurgal]

Hi @Chocolladin

Did you find any solution ?
I want to switch the session of a client without using a password.
In a cloud function, I am trying to do the exact same thing that you do in your step 3, then send to the client it's new session.
As you, using user.login or user.getSessionToken doesn't work for me.

Regards,

Killian

[mtrezza]

On parse server,
2. Verify this token, and if OK,
3. sign corresponding parse user in cloud code.
4. Then getsessionToken, send back to client,
5. and finally on client use Parse.User.become(token).

This should be possible.

If we can get a failing test, that would be a first step to solve this. If you need any guidance for how to write a test, please feel free to ask, it should be fairly simple in this case.

[Yurgal]

Hi @mtrezza,

Can you explain me how to write a test ? I should be able to do it.