After I save my user using a third party authentication, some sensitive data keeps saved in the user’s authData
field, like the external auth token and id of the user. For security reasons, like to prevent exposing this info in a case where the DB leaks, I wanted to remove the authData
value:
Parse.Cloud.afterSave(Parse.User, async request => {
// This prevents an infinite loop from cleaning authdata from the user.
if (!request.object.get("authData")) return;
// Remove session sensitive data from third party auth
request.object.set("authData", null);
request.object.save(null, { useMasterKey: true });
});
Internal (Parse) session info is ok to keep. But external tokens and ids are dangerous.
In this code, I get the error:
Error: This authentication method is unsupported.
Is there a way to do this?