Disable default user authentication in parse server

parse-server

How can we prevent user from signing up with username and password?

we want our users to only login with account kit and don't want someone try to sign up with email address or other login methods.

we don't provide this as our auth but someone can create a custom login code and try to manipulate our parse server to bypass the auth method.

oauth: {
        accountkit: {
            appIds: '',
            appSecret: ''
        },
        **email: false**
     },

is there any option to disable legacy signup method? (email: false)?

Best Answer

in my app which use Facebook and Twitter Oauth for login/registrer user. I control in before save trigger if the user provide authData.

Parse.Cloud.beforeSave(Parse.User, function(request, response) {
  const user = request.object;
  if (user.get("authData")) {
    response.success(request.object);
  } else {
    response.error("Only oauth allow");
  }
});

I don't know if it's a good method but it lock the signup with username/password.

Edit : The first solution is not good because it will throw error every time the user is updated I found a better solution :

if (request.user || request.master) {
    response.success(request.object);
} else {
  const user = request.object;
  if (user.get("authData")) {
    response.success(request.object);
  } else {
    response.error("Only OAuth login allowed");
  }
}

IIn this case we did the control only if the request is not executed by a logged user or using the masterKey (parse dashboard for exemple)

Best Answer

Related Solutions

Related Topic