We're working on behalf of a client, implementing PlayFab authentication for a third-party service that is not natively supported by PlayFab. Right now, our flow looks like this:
1. Client temporarily logs in using LoginWithCustomId with a temporary ID like "anonymous" just so that it can execute cloud script.
2. Client then issues an ExecuteCloudScript request to validate the user's session with the third party service.
3. The cloud script handler calls out to the third party service to validate the user and then, if successful, executes LoginWithServerCustomId and returns the resulting session ticket.
4. The client uses this session ticket moving forward to perform all actions as the newly authenticated user.
We've run into a number of issues but the biggest obstacle seems to be that there is no way to later query a PlayFabId for a given ServerCustomId. Ultimately, we'd like to use AddGenericId/GetPlayFabIDsFromGenericIDs for this purpose but it's not reasonable for the client to be authoritative over the account linking data and there doesn't seem to be any way to call these from CloudScript. Are we missing something or are there any other approaches we could take?