Meteor share sessions data between client and server

Question

I'm building a restricted signup. I want user with a specific code passed in a url to be able to signup and not others. I'm using the accounts package.

I can prevent account creation in the Accounts.onCreateUser method. I'm looking for a way to tell the server if the client had an authorised signup code. With a classic form (email+password) I can just add an extra hidden field. How can I achieve the same result if the user signs up with let's say Facebook?

Since Meteor doesn't use cookies, I can't store this info in a cookie that the server would access. Session variable are not accessible server side. And since I'm not controlling what got send with the account-facebook creation, I can't use a Session variable on the client side that I'd pass along when the user presses sign up.

Any idea"?

Answer 1

for me, the best option here was passing in custom parameters to loginbuttons.

see the package docs: https://github.com/ianmartorell/meteor-accounts-ui-bootstrap-3

Where it outlines the below:

    accountsUIBootstrap3.setCustomSignupOptions = function() {
        return {
            mxpDistinctId: Session.get('mxpdid'),
            leadSource: Session.get('leadSource')
        }
    };

Answer 2

Just add the special token to the user object being passed to Accounts.createUser():

var user = {
    email: email,
    password: password,
    profile: {
        token: token
    }
};
Accounts.createUser(user, function (error, result) {
    if (error) {
        console.log(error)
    }
});

On the server side you can access this in the Accounts.onCreateUser():

Accounts.onCreateUser(function(options, user) {
    console.log(options);
    console.log(user);
});

I think it's in the options variable that you will find your token, so it would be options.profile.token.