Sign In Register

How can we help you today?

Start a new topic

SocialDisconnect & Reverting Back to Device Authentication


We give our users the option to link their account with Facebook using a FacebookConnectRequest after deviceAuthentication so they can play across multiple devices.  We also want to give the option to the user to disconnect their account with Facebook using a SocialDisconnectRequest and just go back to using deviceAuthentication (which will also then load their previous device account).

Is this at all possible without using a username and password as we end up just getting NOT_SET and CHANGE_REQUIRED error codes from the SocialDisconnectRequest.  We do not want to add in another step to the user to supply a username and password.

Thanks in advance.

3 people have this question

Hi Stacy,

I'm afraid this isn't currently possible without providing a username & password. As mentioned in our documentation, the 'NOT_SET' error will be thrown when trying to perform a SocialDisconnectRequest without having a password or another connected social account; while 'CHANGE_REQUIRED' is caused by the fact that the players userName was derived from the account they are trying to disconnect.

If you have any further questions please let us know.



Why shouldn't they be able to revert back to device authentication?  A password isn't required to create the account or login to it using device authentication.

Hi Lisa,

A user may have been using a social account for a period of time and have built up some data that's stored in GameSparks. If they were able to revert back to device authed account they could lose access to that data. An example of this would be un linking a social account on a new device. In this use the case the user would have a different deviceId and no link back to the account that they just unlinked from. Does that make sense ?



Yes, that makes sense.  That's why what I was actually attempting to do was:

  • If the player has another way of accessing the account with this device (such as Game Center / Google Play or device authentication), call SocialDisconnect
  • Otherwise, just log out from the current account and switch to the device account
That way, if they later decide they made a mistake, all they have to do is reconnect the social system they disconnected.

I don't know about you, but in every game I've ever played that allowed me to connect a social account (Game Center / Google Play, Facebook, etc.), I've always been able to disconnect it just as easily as I connected it in the first place - I've NEVER been forced to create a username & password before being allowed to disconnect.  And I would most certainly never play that game again if it did something like that.

1 person likes this

Hi Lisa,

If you want to work around this you could simply set a userName and password on the account using a ChangeUserDetailsRequest on behalf of the user with a SparkRequest in Cloud Code. In the AuthenticationResponse check if the player is new and if they are just set these details for them by default.


if(Spark.getData().newPlayer === true){
    var player = Spark.getPlayer()
    var request = new SparkRequests.ChangeUserDetailsRequest();
    request.newPassword = player.getPlayerId() + new Date().getTime();
    request.userName = player.getPlayerId();
    var response = request.Send();


Try that and let us know how you get on.



This solution *almost* works.  Except there is an issue in that now the username is different than it was originally so the account is harder to re-connect to following local data loss.  I submitted a ticket with more details here:

Is there a way to edit player records to delete extAuth and then delete the entry in external Authentication?

The thing is that in your JS code you ask if newPlayer but since my player is not new since it already did DeviceAuthenticationRequest and then facebook link... 

So it's possible to edit the records with CloudCode?

I found another problem. My friend that was testing the game linked his authenticated device with Facebook and now they stole his mobile and he will not be able to Unlink facebook, even when deleting my app from his facebook settings that doesn't work.

How this could be solved without having to resort on manually deleting records?



Login to post a comment