ids_for_business/token_for_business in facebook connect

[ronnno]

Hello,
Is there any treatment of the ids_for_business or token_for_business currently in the facebook authentication adapter?

I am trying to support two facebook apps for authenticating users in Parse, where same facebook account's users should be mapped to the same _User objects in Parse (Facebook allocates new ids for each facebook application).
Proper mapping can be achieved using Business Manager API, Is this currently supported?

Please see explanation and comment here https://stackoverflow.com/questions/45280781/parse-server-facebook-login-link-users-with-business-mapping-api

Thanks,
Ron

[flovilmart]

At the moment it’s not explicitely supported, but as long as you pass a valid authData payload, you can add any additional key you want to that object. You don’t need to te-link the user with is for business nor the token I believe as the user will not be able to provide this info from the client.

You can probably just save it in cloud code.

If that’s not the case, you can write a custom auth adapter, that would validate your id and tokens for business in a similar way we validate the id and token.

[ronnno]

The token_for_business and ids_for_business cannot be used to authenticate directly.
After authenticating (getting a local scope ID and token) the token can be used to get a list of all other valid IDs for the same facebook account.

So my idea was, once the user has authenticated and provided me with an id+token, to:

1. Validate the provided token
2. Check if a user already exists with the current ID. If user exists jump to 6.
3. Retrieve from Graph API any other ids that exist for this user under different apps (by calling /me/ids_for_business). If no other ids are available other than the one provided by the client, jump to 6.
4. Lookup any matching Parse User for the any of the IDs found in step 3. If no user is found, jump to step 6.
5. If a user already exists for any one of the ids, Override it's authData with the existing token with the new id+token+expiration.
6. Authenticate normally using the provided user ID and token - this will yield the old user (if one was found in steps 4 and 5), or a new user if none existed.

Is there a good reference on extending auth adapter?

[flovilmart]

You should be able to replace the Facebook auth adapter at startup configuring auth: { facebook: myadappter }} as long as tout adapter provides both the original methods for id/token validation

[ronnno]

I've implemented in my own login function in cloud code. The place I'd ideally put this logic would be in findUsersWithAuthData rather than the auth adapter itself.
But findUsersWithAuthData is not exposed in the auth adapter interface, so I'm leaving it as an explicit function in my code.

Will be happy to share my code if it is of interest..

[flovilmart]

Good to hear you have a solution that fits the bill. As for modifying findUsersWithAuthData to handle the specific logic bit, I don’t believe this is the kind of changes we want to support as very specific to a particular behavior you’re looking for.

Closing now as it seems you’re well on your way with your solution.