This repository has been archived by the owner on Nov 8, 2021. It is now read-only.

Connect multiple authentication methods to single SyncUser #29

Open
timshadel opened this issue Oct 21, 2016 · 2 comments

timshadel commented Oct 21, 2016

Let's say a user signs up using their email address and password. Later they want to do something in the app that requires Facebook, so they connect to Facebook inside the app. I want to add the Facebook credential to the existing SyncUser so that when the user logs in on another device they can simply login with Facebook and get all of their data.

At the moment it seems like a SyncUser == credentials, instead of SyncUser has many credentials. I've seen hints at a permissions API coming soon that would let me build a poor man's version of this on my own (granting access for the new credentials to see my current credentials' data), but since authentication is handled by the server, this really seems like something the platform would provide better than a hacked solution.

Let me know if I've missed something in the docs or API that lets me do this already. Thanks!

@mrackwitz (Contributor)

> At the moment it seems like a SyncUser == credentials, instead of SyncUser has many credentials.

That's the limited way it is exposed so far. But we thought about this use-case and have nearly everything in place to expose that it's truly already a one-to-many relationship between a User and an Account in the admin-Realm, which manages the user data on the server-side.

> Let's say a user signs up using their email address and password. Later they want to do something in the app that requires Facebook, so they connect to Facebook inside the app. I want to add the Facebook credential to the existing SyncUser so that when the user logs in on another device they can simply login with Facebook and get all of their data.

While the use case you describe seems at first glance relatively easy to support, generic support for linking accounts brings up a few further challenges for edge cases we would want to cover.

Assume the user has registered via email address and password from her iPad and started using your app, say to create a todo list for getting her motorcycle ready for riding season. But then she is using the app as well on her iPhone, but logs in via Facebook. There she manages her grocery shopping. Later she finds out that it is possible in your app to connect an existing account to Facebook, so she does that from her iPad, assuming that she will get both lists now on her tablet.

As merging Realms isn't exactly trivial, we would prefer not leaving this up to you without any assistance. Therefore we're looking into ways this can be handled.

> I've seen hints at a permissions API coming soon that would let me build a poor man's version of this on my own (granting access for the new credentials to see my current credentials' data)

That's indeed coming and would theoretically allow sharing data between independent users by custom application logic on the client-side.

> [B]ut since authentication is handled by the server, this really seems like something the platform would provide better than a hacked solution.

Even though authentication is handled by the server, be aware that the access tokens for third parties aren't stored in the server. Instead they are verified to retrieve a unique user identifier which is stored in the admin-Realm. If you want to use the connection to a social network for purposes beyond authentication, this would need to happen in custom logic (e.g. a custom authentication provider could be used in the enterprise edition; in the developer edition a dedicated table in a private Realm of the user could be used to manage access tokens in there).

Let me know if you need further assistance.

@timshadel (Author)

Excellent synopsis. I'm excited to see it evolve over time, and I'm glad to see you're covering a wide variety of use cases to make sure the implementation is solid. 👍
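
The one-to-many User/Account relationship and the iPad/iPhone linking edge case described in the reply above, sketched as an added example; it is not Realm's code or API. `Directory`, `User`, `LinkConflict` and the in-memory storage layout are hypothetical, and `provider_id` is assumed to be the identifier obtained after the server has verified the credential.

```python
import uuid
from dataclasses import dataclass, field

class LinkConflict(Exception):
    """The credential already belongs to another user who owns data."""

@dataclass
class User:
    user_id: str
    realms: set = field(default_factory=set)  # names of Realms this user owns

class Directory:
    """Hypothetical stand-in for the server-side store of users and accounts."""

    def __init__(self):
        self.users = {}     # user_id -> User
        self.accounts = {}  # (provider, provider_id) -> user_id; many per user

    def login(self, provider, provider_id):
        # provider_id is the unique identifier obtained after the password or
        # third-party token was verified; the token itself is never stored here.
        key = (provider, provider_id)
        if key not in self.accounts:
            user = User(uuid.uuid4().hex)
            self.users[user.user_id] = user
            self.accounts[key] = user.user_id
        return self.users[self.accounts[key]]

    def link(self, current, provider, provider_id):
        """Attach another verified credential to an already authenticated user."""
        key = (provider, provider_id)
        owner_id = self.accounts.get(key, current.user_id)
        if owner_id != current.user_id:
            owner = self.users[owner_id]
            if owner.realms:
                # The iPad/iPhone case: both users own data. Re-pointing the
                # account would orphan or expose a Realm, so require a merge step.
                raise LinkConflict(f"{provider} account already has its own data")
            # The other user owns nothing: fold all of its accounts into current.
            for k, uid in list(self.accounts.items()):
                if uid == owner_id:
                    self.accounts[k] = current.user_id
            del self.users[owner_id]
        self.accounts[key] = current.user_id
        return current
```
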
