Integrating Meteor accounts with a native social login provider

help
1

I am trying to integrate Meteor accounts with social logins in a native app (iOS, Android). In my use-case, the native app is a Unity-based app written in C#. But I guess the same applies to any native app that wants to integrate native social logins with a Meteor backend.

My intended flow is as follows:

  • In the native app, the user signs in with a login provider, e.g. “Sign in with Apple”
  • The provider sends back the credentials, once the native auth handshake is finished
  • Now I want to set-up a new user in the Meteor backend (or link it to an existing account, using meteor-link-accounts), based on these credentials
  • And then login this user via DDP, using the credentials

I analyzed the typical OAuth flow Meteor uses in web applications and have noticed that

  • The social provider sends some tokens back to the /_oauth/<service> endpoint
  • The server takes this data to finish the OAuth handshake with the provider. This returns a credential token and a credential secret.
  • Token and secret are sent back to the client as part of the response page inside the popup, as an “end of login response”.

In my native case, I could mimic this behavior by posting the tokens I got from the native handshake to /_oauth/<service> in order to get the user created, but I guess this is not a good idea as the handlers would try to finish an OAuth handshake that hasn’t actually been initiated. Also, for this I would have to parse the HTML returned, to get the credentials, which is kinda ugly.

The other option I can see is to call Accounts.updateOrCreateUserFromExternalService directly, e.g. by calling a Meteor method via DDP and passing all credential info over to the server this way. Is this a “safe” and “recommended” way to create the user? Also, I don’t get a refresh_token or a token expiry date from the native handshake, so I can’t pass it over to updateOrCreateUserFromExternalService. Does this cause problems?

If there are any examples out there where a native social login has been linked to Meteor accounts, I’d be happy to see them.

2

Shameless bump. Has never ever anybody implemented native social logins with Meteor? Can’t believe this is true :slight_smile: Would love to see any implementation samples.

(I now got a working version based on updateOrCreateUserFromExternalService now, but I guess I punched a significant security hole in our app using this approach. The problem is I could not find a practical way to piggyback on the official Oauth process.)