CODEWITHSUNDEEP
restsessionparse-platform
Rahul Sainani
Rahul Sainani

Reputation: 3717

How to use new enhanced sessions in Parse with users created on cloud code?

I was trying out the new enhanced revocable sessions in Parse on my Android app. It works well when logging in or signing up via email password or facebook but doesn't work well for custom authentication, e.g. google+.

I'm currently logging in the user using the cloud code which also creates the new user when signing up. This does not create a new Session object, that means the new enhanced sessions are not used and it still uses the legacy sessions.

I pass the session token back to client where using the become method the user logs in but it's the legacy sessions.

This feels like the feature is not complete but I would really like to move to the new enhanced sessions with my app. Has anyone worked with them yet? Are there any workarounds using the REST API or by creating the sessions manually and handling them manually? I looked into the JS API but it says it's only read only.

Here's the Blog post on Enhanced Sessions.

Where should I go next?

Upvotes: 4

Views: 1676

Answers (1)

Arturo
Arturo

Reputation: 548

Yes, I found a solution but it's a workaround, works for my case because I don't support signing up with user/password.

Basically, the solution (cloud code) in semi pseudo-code is:

  1. Fetch the user with master key
  2. Check if user.getSessionToken() has value
  3. if it has, return the session token and do a user.become() in the client as usual
  4. if it's not, here the workaround, do the following:
  yourPreviousPromiseInOrderToChainThem.then(function(user) 
    password = new Buffer(24);
    _.times(24, function(i) {
      password.set(i, _.random(0, 255));
    });
    password = password.toString('base64')
    user.setPassword(password);
    return user.save();
  }).then(function(user) {
    return Parse.User.logIn(user.get('username'), password)
  }).then(function(user) {
    var sessionToken = user.getSessionToken();
    // Return the session token to the client as you've been doing with legacy sessions
  })

That means, I'm changing the user password each time in order to make a remote login and, of course, I know thist can't be applied to all cases, it's enough for app because I don't support login with user/password (only third party logins) but I understand that maybe it's not for all cases. I got the idea from this official Parse example.

I don't like this solution because I think is not a workaround, it's a mega hack but I think there is no other way to do it currently (either Parse.com or Parse-Server)

If you find other workaround, please, share it :)

Upvotes: 2

Related Questions