Unlink (`authData[provider] = null`) triggers OAuth code/token validation instead of unlinking

[SNtGog]

New Issue Checklist

• Report security issues confidentially.
• Any contribution is under this license.
• Before posting search existing issues.

Issue Description

When unlinking a provider by saving authData[provider] = null, Parse Server should remove the provider without validation. In current alpha, if the provider uses an OAuth authorization code flow, the server/adaptor may attempt a code → token validation/exchange during unlink, instead of performing the unlink. This results in unexpected adapter calls, possible errors, or the provider remaining linked.

Steps to reproduce

1. Configure an auth adapter that uses an authorization code flow (example gpgames).
2. Link the provider for a user.
3. Attempt to unlink with authData[gpgames] = null.

Actual Outcome

• During unlink, the server still invokes adapter validation / code-exchange paths.

Expected Outcome

• authData[provider] = null should unlink without any provider validation or code/token exchange.

Environment

Server

• Parse Server version: 8.2.4
• Operating system: Debian 11
• Local or remote host (AWS, Azure, Google Cloud, Heroku, Digital Ocean, etc): Hetzner

Database

• System (MongoDB or Postgres): MongoDB
• Database version: 8.0
• Local or remote host (MongoDB Atlas, mLab, AWS, Azure, Google Cloud, etc): Hetzner

Client

• SDK (iOS, Android, JavaScript, PHP, Unity, etc): Unity
• SDK version: 5.0.1

[parse-github-assistant[bot]]

🚀 Thanks for opening this issue!

ℹ️ You can help us to fix this issue faster by opening a pull request with a failing test. See our Contribution Guide for how to make a pull request, or read our New Contributor's Guide if this is your first time contributing.

[mtrezza]

@Moumouls What do you think?

[Moumouls]

Hum maybe a valid feedback, it should be investigated and reproduced with a test @mtrezza