`linkWith` no longer returns a `sessionToken`

tayloruk · September 29, 2022, 7:20pm

We’ve been using the following code for 3rd party auth via AD for a long time without issues, however, upgrading from v4.10.3 > v5.2.5 breaks the linkWith function, which historically returned a sessionToken (as documented here: JavaScript Developers Guide | Parse.

  let ssoUser = new Parse.User({
    firstName: userData.firstName,
    lastName: userData.lastName,
    email: userData.email.toLowerCase(),
    username: userData.email.toLowerCase(),
  });

  ssoUser = await ssoUser.linkWith(
    'microsoft',
    { authData: authData.microsoft },
    { useMasterKey: true }
  );

  console.log(ssoUser.getSessionToken()) // undefined

Any suggestions are welcome, thank you.

davimacedo · October 3, 2022, 9:18pm

I guess the problem is happening because you are using the { useMasterKey: true } option. Could you please try without it?

tayloruk · October 4, 2022, 9:51am

Hi @davimacedo , unfortunately not. first I got the error Clients aren't allowed to manually update email verification. So I commented out the emailVerified: true, section, and got the same behaviour - no session token returned from the linkWith function.

Any other thoughts would be very welcome.

Cheers

davimacedo · October 4, 2022, 4:35pm

Maybe you found a bug. Would you be willed to open a PR to the Parse Server project with a failing test case?

tayloruk · October 5, 2022, 8:31pm

More than willing to do that, once I have figured out how. Leave it with me.

tayloruk · October 7, 2022, 11:35am

Hi @davimacedo I was unable to get the test case to fail, so I have been checking all the differences in my update branch and came across the change in 5.x, which makes directAccess: true by default. I changed this to false in the parse config object and everything miraculously works perfectly.

I’ve been reading up a little on the directAccess changes and I’m not sure I fully understand it, and unsure how much of a performance hit I will have by turning it off (I guess not a hit, but no improvement from 4 > 5).

Do you think there is scope for me to make an improvement to the tests / codebase with this finding, or is it just down to my unique implementation?

davimacedo · October 11, 2022, 4:37pm

It can be something unique to your implementation. Since the directAccess option is making difference on how your code behaves, I assume this code is actually a cloud code function, right? Would you mind to share the cloud code function that you have in place for that?

tayloruk · October 11, 2022, 6:41pm

Sure,

Here is the code:

async LoginUser(request) {
    let user;
    const { username, password, installationId, authData } =
      request.params;

    // If this is an SSO login, it will send { authData: { microsoft: { id, access_token } } }
    if (authData && authData.microsoft) {
      // for now we only support microsoft
      const msalProfile = await getMsalProfile(authData.microsoft.access_token);

      let firstName = msalProfile.givenName;
      let lastName = msalProfile.surname;

      const userData = {
        firstName,
        lastName,
        email: msalProfile.mail || msalProfile.userPrincipalName,
        profession: msalProfile.jobTitle,
      };

      let ssoUser = new Parse.User({
        firstName: userData.firstName,
        lastName: userData.lastName,
        email: userData.email.toLowerCase(),
        username: userData.email.toLowerCase(),
        profession: userData.profession,
        emailVerified: true,
        isSSO: true,
      });

      ssoUser = await ssoUser.linkWith(
        'microsoft',
        { authData: authData.microsoft },
        { useMasterKey: true }
      );

      user = ssoUser;
    } else {
      // Otherwise, this is a username/password login so we proceed as normal
      const userQuery = new Parse.Query(Parse.User).equalTo(
        'username',
        username
      );

      user = await Parse.User.logIn(username, password, { installationId });
    }
    return user;
  }

davimacedo · October 11, 2022, 6:44pm

Is it a trigger or cloud function?

tayloruk · October 11, 2022, 7:00pm

It is a cloud function.

davimacedo · October 11, 2022, 8:33pm

I still believe that it should return the session token without using the useMasterKey option and even from cloud code using directAccess option. Maybe it is a bug on the directAccess option. If you could try once more to write a failing test case in parse server in which you have this option set true and see if you can reproduce. Another idea would be trying something like this:

let ssoUser = new Parse.User({
        firstName: userData.firstName,
        lastName: userData.lastName,
        email: userData.email.toLowerCase(),
        username: userData.email.toLowerCase(),
        profession: userData.profession,
        emailVerified: true,
        isSSO: true,
        authData
      });
await ssoUser.save();

Manuel · October 12, 2022, 7:39pm

I just tried it out with the REST API with PUT to endpoint <parse-server-url>/users and body:

{
    "authData": {
        "facebook": {
            "id": "...",
            "access_token":	"...",
            "expiration_date": "..."
        }
    }
}

The sign-up was successful and the response included the session token. Parse Server 5.2.7

I suggest you also try it with the REST API, as it cuts out the Parse JS SDK and lets you determine whether there is an issue with the server.

tayloruk · October 12, 2022, 7:51pm

You cannot set some of the values on the _User without using masterkey, emailVerified for example.

I will take a look at what Manuel suggested and see how I get on.

Manuel · October 12, 2022, 8:32pm

The default is not true in Parse Server 5, it’s still false. The PR you referenced only officially deprecated the default state. The default is scheduled to change from false to true in Parse Server 6.

You cannot set some of the values on the _User without using masterkey, emailVerified for example.

Which values are these? That would be good to know, so maybe try one by one and see which one(s) you cannot set.

cbaker6 · October 12, 2022, 10:37pm

Sounds like it could be similar to an issue that occurred with the Swift SDK:

github.com/parse-community/Parse-Swift

Parse decoding error at ParseAuthentication linkCommand when sessionToken is missing from response

opened 02:20PM - 01 Apr 21 UTC

closed 09:27AM - 02 Apr 21 UTC

funkenstrahlen

type:bug

I see a parse JsonDecoder error: ``` ParseError code=-1 error=Error decoding… parse-server response: Optional(<NSHTTPURLResponse: 0x6000006e84c0> { URL: https://podlive-parse-server.herokuapp.com/parse/users/jXjF1qjJhw } { Status Code: 200, Headers { "Access-Control-Allow-Headers" = ( "X-Parse-Master-Key, X-Parse-REST-API-Key, X-Parse-Javascript-Key, X-Parse-Application-Id, X-Parse-Client-Version, X-Parse-Session-Token, X-Requested-With, X-Parse-Revocable-Session, X-Parse-Request-Id, Content-Type, Pragma, Cache-Control" ); "Access-Control-Allow-Methods" = ( "GET,PUT,POST,DELETE,OPTIONS" ); "Access-Control-Allow-Origin" = ( "*" ); "Access-Control-Expose-Headers" = ( "X-Parse-Job-Status-Id, X-Parse-Push-Status-Id" ); Connection = ( "keep-alive" ); "Content-Length" = ( 40 ); "Content-Type" = ( "application/json; charset=utf-8" ); Date = ( "Thu, 01 Apr 2021 13:24:07 GMT" ); Etag = ( "W/\"28-69gFBc5Q54gsdpFK0tjSk36K+Xc\"" ); Server = ( Cowboy ); Via = ( "1.1 vegur" ); "X-Powered-By" = ( Express ); } }) with error: Die Daten konnten nicht gelesen werden, da sie fehlen. Format: Optional("{\"updatedAt\":\"2021-04-01T13:24:07.647Z\"}") ``` It says *data can not be read because its missing*. I tracked it down to this location in ParseSwift code: https://github.com/parse-community/Parse-Swift/blob/453ebdbcddf30cf3baad6bcf79fbc1fc0ba07fe2/Sources/ParseSwift/Authentication/Protocols/ParseAuthentication.swift#L429 The data object received from the server looks like this: ``` "{\"updatedAt\":\"2021-04-01T13:25:40.915Z\"}" ``` However ParseSwift expects this format: ```swift internal struct UpdateSessionTokenResponse: Decodable { var updatedAt: Date let sessionToken: String } ``` The sessionToken is missing. This might be caused by using authentication wrong in my code. However I think a missing session token in the response should be handled explicitly by ParseSwift at this code location instead of just throwing an bad response format error. What do you think?

When linking a user, a sessionToken isn’t always provided.

Also, one of the developers found something related to preventLoginWithUnverifiedEmail, in which, depending on what flags preventLoginWithUnverifiedEmail changes, could be causing sessionToken not to be sent:

github.com/parse-community/Parse-Swift

Response parsing error when ParseUser is successfully signed up

opened 01:12AM - 08 Jan 22 UTC

closed 11:15PM - 24 Jan 22 UTC

Climbatize

type:bug

### New Issue Checklist  - [X] I am not disclosing a [vulnerability](https://github.com/parse-community/Parse-Swift/security/policy). - [X] I am not just asking a [question](https://github.com/parse-community/.github/blob/main/SUPPORT.md). - [X] I have searched through [existing issues](https://github.com/parse-community/Parse-Swift/issues?q=is%3Aissue). - [X] I can reproduce the issue with the latest versions of [Parse Server](https://github.com/parse-community/parse-server/releases) and the [Parse Swift SDK](https://github.com/parse-community/Parse-Swift/releases). ### Issue Description When sining up a User Parse sever response may not contain a sessionToken (Parse 4.2) ### Steps to reproduce - Create a ParseUser subclass ```swift import Foundation import ParseSwift struct User: ParseUser { var emailVerified: Bool? var password: String? var authData: [String: [String: String]?]? var createdAt: Date? var updatedAt: Date? var ACL: ParseACL? public var objectId, email, qrCode: String? } ``` - Uses one of the ParseUser methods to sign up an instance () ```swift var user = User(); user.password = password; user.username = username; user.email = email; user.qrCode = ""; user.signup() { result in switch result { case .failure(let error): //: Publish error. self.error = error print(error.message) case .success(user): print("Successfully queried data") case .success(_): print("Successfully queried data") } } ``` or ```swift var user = User(); user.password = password; user.username = username; user.email = email; user.qrCode = ""; let publisher = user .signupPublisher() .sink( receiveCompletion: { result in switch result { case .failure(let error): //: Publish error. self.error = error print(error.message) case .finished: print("Successfully queried data") } }, receiveValue: { user in self.user = user } ) publisher.store(in: &subscriptions) ``` ### Actual Outcome Subscription results as an unknown error but the ParseUser is stored in database ### Expected Outcome Returns a success or an explaination on why the outcome is an error ### Environment Client - Parse Swift SDK version: `3.0.0` - Xcode version: `13.2.1` - Operating system (iOS, macOS, watchOS, etc.): `iOS` - Operating system version: ` 13-15` Server - Parse Server version: `4.2.0` - Operating system: `N/A` - Local or remote host (AWS, Azure, Google Cloud, Heroku, Digital Ocean, etc): `Back4App` Database - System (MongoDB or Postgres): `MongoDB` - Database version: `3.6` - Local or remote host (MongoDB Atlas, mLab, AWS, Azure, Google Cloud, etc): `Back4App` ### Logs ``` (ParseSwift.ParseError) error = { code = unknownError {} message = "Invalid struct: No value associated with key CodingKeys(stringValue: \"sessionToken\", intValue: nil) (\"sessionToken\")." otherCode = nil { some = (_value = 0) } } ```

Also see:

github.com/parse-community/Parse-Swift

Response parsing error when ParseUser is successfully signed up

opened 01:12AM - 08 Jan 22 UTC

closed 11:15PM - 24 Jan 22 UTC

Climbatize

type:bug

### New Issue Checklist  - [X] I am not disclosing a [vulnerability](https://github.com/parse-community/Parse-Swift/security/policy). - [X] I am not just asking a [question](https://github.com/parse-community/.github/blob/main/SUPPORT.md). - [X] I have searched through [existing issues](https://github.com/parse-community/Parse-Swift/issues?q=is%3Aissue). - [X] I can reproduce the issue with the latest versions of [Parse Server](https://github.com/parse-community/parse-server/releases) and the [Parse Swift SDK](https://github.com/parse-community/Parse-Swift/releases). ### Issue Description When sining up a User Parse sever response may not contain a sessionToken (Parse 4.2) ### Steps to reproduce - Create a ParseUser subclass ```swift import Foundation import ParseSwift struct User: ParseUser { var emailVerified: Bool? var password: String? var authData: [String: [String: String]?]? var createdAt: Date? var updatedAt: Date? var ACL: ParseACL? public var objectId, email, qrCode: String? } ``` - Uses one of the ParseUser methods to sign up an instance () ```swift var user = User(); user.password = password; user.username = username; user.email = email; user.qrCode = ""; user.signup() { result in switch result { case .failure(let error): //: Publish error. self.error = error print(error.message) case .success(user): print("Successfully queried data") case .success(_): print("Successfully queried data") } } ``` or ```swift var user = User(); user.password = password; user.username = username; user.email = email; user.qrCode = ""; let publisher = user .signupPublisher() .sink( receiveCompletion: { result in switch result { case .failure(let error): //: Publish error. self.error = error print(error.message) case .finished: print("Successfully queried data") } }, receiveValue: { user in self.user = user } ) publisher.store(in: &subscriptions) ``` ### Actual Outcome Subscription results as an unknown error but the ParseUser is stored in database ### Expected Outcome Returns a success or an explaination on why the outcome is an error ### Environment Client - Parse Swift SDK version: `3.0.0` - Xcode version: `13.2.1` - Operating system (iOS, macOS, watchOS, etc.): `iOS` - Operating system version: ` 13-15` Server - Parse Server version: `4.2.0` - Operating system: `N/A` - Local or remote host (AWS, Azure, Google Cloud, Heroku, Digital Ocean, etc): `Back4App` Database - System (MongoDB or Postgres): `MongoDB` - Database version: `3.6` - Local or remote host (MongoDB Atlas, mLab, AWS, Azure, Google Cloud, etc): `Back4App` ### Logs ``` (ParseSwift.ParseError) error = { code = unknownError {} message = "Invalid struct: No value associated with key CodingKeys(stringValue: \"sessionToken\", intValue: nil) (\"sessionToken\")." otherCode = nil { some = (_value = 0) } } ```

badboy_tian · January 1, 2024, 4:59am

any update? I’m having this problem too.

user = await Parse.User.logInWith(platform + "_unionid", {
            authData: {
                id: unionid
            }
        }, {useMasterKey: true})

        sessionToken = user.getSessionToken();

sessionToken is undefined

parse-server 6.4.0

badboy_tian · January 1, 2024, 5:08am

when i set directAccess: false, it work nice. but i do not know why