Alternative email as authentication

I have this scenario where users are expected to fill up an alternative email address and use that to authenticate user but I don’t know how or if there is an existing API that can be used to do that. I would like to know it.

You probably need to design a custom auth:
Notice that here i’m using GraphQL API for internal calls, i’m also using Typescript

// Custom Email Auth module
export const CustomEmailAuth = {
	async validateAuthData(authData: CustomAuthEmailInput) {

        // is email, need to keep this name for Parse Server auth engine
		if ( && authData.password) {
            // Auth data should be already set on the user
			const { users } = await client.findUsersByCustomAuth({ email: })

			if (users.edges?.length === 1 && users.edges[0] && users.edges[0].node) {
				const user = users.edges[0].node
				// Additional safety check
				if (
					user.authData?.customEmail?.id === &&
					user.authData?.customEmail?.password &&
					user.authData.customEmail.password ===
				) {
                // Always throw by default for security purpose
		throw new Error('Invalid authData')

	async validateAppId() {
		return true
// On the Parse Server Config
auth: {
    customEmail: {
        module: CustomEmailAuth,
# The query used to find the user
query findUsersByCustomAuth($email: Any!) {
    users(where: { authData: { equalTo: { key: "", value: $email } } }, first: 2) {
      edges {
        node {
          authData {
            customEmail {

Sorry I should have stated my tools first and made clear of the statement of what I’m trying to do. I’m not familiar with GraphQL, I only used, NodeJS Server and JS-SDK.

Let’s say, A user signed up with email and password. The username is what the user inputted as their email. Aside from it was personal info, and then alternativeEmail field as part of _User class name.

The next time, that user logged in, he decided to use his alternative email address to authenticate.

How will I be able to do that?

Based on your solution, I need to setup a custom authentication (though I need to study custom auth first), and in the client, I need to provide an AuthProvider and use linkWith?

Yes custom auth + linkWith, parse server donnot support alternative emails for auth

Upon looking at UsersRoute of PS, I just saw how they handle querying for email, username, and password comparison using crypto. I’ll try to mimic haw they did it.

You can use this simple cloud code:

Parse.Cloud.define("loginWithAlternativeEmail", async (request) => {

  var alternativeEmail =;

  var pass = request.params.pass;
    throw "error";

  var userQuery = new Parse.Query(Parse.User);
  var result = await userQuery.find();
    throw "loginError";

  var tempUser = result[0];
  var user = await Parse.User.logIn(tempUser.get("username"),pass);
  return user.getSessionToken();


Then use become method in javascript using sessionToken that cloud code returned.


1 Like

Yes more affordable solution ! Thanks @uzaysan

1 Like

Thanks to both of you. @uzaysan I was wondering, is there any security risk like checking the number of attempts and so on?

I don’t think failed attemps would be security risk. Parse server itself comes with unlimited login try by default. But if you wanna restrict login after x times fail You can use accountLockout policy. More information of parse parameters can be found here

Is there a way to pull that from parse server so that I will be able to re-use that kind of logic?

I didn’t understand what you said. English is not my native language. Can you explain a little simple?

So do I :laughing:

I want to know if there is a way to re-use the logic of account policy from parse server instead of creating your own account policy?

So I guess you are talking about the code I posted above. It doesn’t change parse server account policy. It uses it. So normal account login/register should be work fine. Its just cloud code. It doesn’t change parse server behaviour.

Oh I see. Thanks a lot.