Is there a reason Accounts.callLoginMethod isn't documented?


Should I not be using this method?


Because there are wrappers for it, see


Ah, okay. I don’t understand why they left the core function out but that at least makes sense.


There’s a lot of functions that’s not documented, so it’s not just this one


If something is not documented, that means that it’s not part of the official API and can change between releases. We might want to rename that one to Accounts._callLoginMethod.


What are you using it for that isn’t covered by some documented API?


To trigger a login automatically for every user after a specific event.


Whoa, never heard about that before. What’s the use case?


SSO for my company. When a user accesses my site without a session, we send
them to an auth server via jsonp, trigger the login as soon as it succeeds,
then the back end looks up their identity via connection id.


Wow, pretty cool. I can’t say that this is an officially supported API, but we usually go out of our way to preserve these types of functions so it’s pretty unlikely that it will actually change. And if it does, it will definitely be in the change log (and it sounds like you will probably notice really fast!)

So I would just go ahead and use it if it works for you!


Fair enough! Thanks for the advice.


Hmm, interesting. Actually, I’m doing the same on an app where entering the app (from any route) triggers loginWithGoogle and leaving the app (changing route and unload) triggers a logout.

It is very crude but works for our use-case, being:

The client is a google apps user where they login from one google app and not get asked again for a login in another app. But when a user logs out from any of the google apps, they get logged out of all the apps. This kind of natural SSO style integration is not possible with the current accounts google package. Had it been based on the newer google oauth service which exposes many great utilities like “check if there is a logged in google account”, I would have not needed a hack like this.

Anyway, sorry to hijack the thread like this, but I feel such a use case like yours and mine are (is) not that uncommon, especially within the enterprise.


Is there some feature in meteor that would make single sign on easier to accomplish, or is this good enough?


I would love an official way to force login every time a user session starts and force a logout every time a user session ends.

In my understanding, a session begins the first time user enters the site/app, continues through multiple tabs, windows, route changes, page refreshes etc and ends when user closes the last browser window/tab or navigates away from the site/app.


Seconded. Everything I’m doing now feels cludge-y and inelegant. Serkandurusoy’s suggested solution is dead on.