How to write my own Auth Provider for QR code login?

We want create a QR code login Auth provider and the login process should be:

  1. User use 3rd party mobile app to scan the QR code (dynamically generated by 3rd party server) on our web page
  2. Our front end page will get a callback with 3rd party temp access code
  3. We send the temp access code to our server and our server will talk to 3rd party auth server to get user access token and user info (user id, email and etc)
  4. We will associate the 3rd party user with our user (matching email) and log the user in

We want to use Parse.User.LogInWith() or Parse.User.become() from JS SDK on our front end. But we were facing some technical pitfalls:

  1. 2-steps process for LogInWith(), we stuck at associating the 3rd party user with ours: we tried manually add authData for _User or using linkWith(), but they all return errors complaining: 206 cannot modify user xxxxxx.
  2. We also tried to manually create a fake sessionToken and send it back to front-end, so it can use Parse.User.become(). It looks like a success at the beginning, but having errors when accessing the data later.

Any idea on what is the right approach to do this?

Some update: linkWith() finally works with {useMasterkey: true}.

So this is how it works:

  1. front end call proprietary API(with temp access code) before LogInWith()
  2. Server uses temp access code to get 3rd party user id, email, and access token
  3. Server use linkWith() to link the 3rd party user with local user (if not linked yet)
  4. Server return 3rd party user id and token to front end through proprietary API
  5. front end use 3rd party user id and token and call LogInWith()