AuthData validation is incorrectly triggered on unlink/no-op updates, breaking multi-provider flows

[SNtGog]

New Issue Checklist

• Report security issues [confidentially](https://github.com/parse-community/parse-server/security/policy).
• Any contribution is under this [license](https://github.com/parse-community/parse-server/blob/alpha/LICENSE).
• Before posting searched [existing issues](https://github.com/parse-community/parse-server/issues?q=is%3Aissue).

---

Issue Description

Parse Server validates all existing authData providers during user updates, even when a provider is unchanged and not part of the update.

For code-based auth adapters (requiring code), this causes valid multi-provider update flows to fail, because Parse attempts to revalidate providers that were not modified and therefore do not include a code in the update payload.

This makes partial authData updates non-functional and breaks multi-provider user accounts.

---

Steps to reproduce

Using any code-based auth adapter (example below uses a gpgames-like adapter that requires code):

it('should handle multiple providers: add one while another remains unchanged', async () => {
  const user = await Parse.User.logInWith('gpgames', {
    authData: { id: MOCK_USER_ID, code: 'C1' },
  });
  const sessionToken = user.getSessionToken();
  await user.fetch({ sessionToken });

  const current = user.get('authData') || {};
  user.set('authData', {
    ...current,
    instagram: { id: 'I1', code: 'ic1' },
    // gpgames is NOT modified
  });
  await user.save(null, { sessionToken });

  const reloaded = await new Parse.Query(Parse.User).get(user.id, {
    useMasterKey: true,
  });

  const authData = reloaded.get('authData') || {};
  expect(authData.instagram && authData.instagram.id).toBe('I1');
  expect(authData.gpgames && authData.gpgames.id).toBe(MOCK_USER_ID);
});

---

Actual Outcome

user.save() fails with an adapter validation error, for example:

Error: gpgames code is required.

This shows that Parse attempts to validate the existing gpgames provider even though it was not modified and no code was provided in the update.

---

Expected Outcome

• The new provider (instagram) is added successfully.
• The existing provider (gpgames) remains unchanged.
• Adapter validation is triggered only for providers whose authData was actually modified.

---

Environment

Server

• Parse Server version: 9.1.0
• Operating system: Debian 12
• Local or remote host: Remote (self-hosted)

Database

• System: MongoDB
• Database version: 8.1
• Local or remote host: MongoDB Atlas

---

Logs

Error: gpgames code is required.
    at validateAuthData (...)

[parse-github-assistant]

🚀 Thanks for opening this issue!

ℹ️ You can help us to fix this issue faster by opening a pull request with a failing test. See our Contribution Guide for how to make a pull request, or read our New Contributor's Guide if this is your first time contributing.