question

raj-1 avatar image
raj-1 asked

Unable to executeInventoryOperations on inventory V2 from server

Hi, I am trying to grant player some items (Economy V2) once he is created (by using rules player_created). I am using playstram event to trigger a azure function for this. I am trying to add these items to players inventory by using server's entity token and developer access key but api is failing due to unauthorise entity token.

Because of this issue I started using entity token which is sent from playstream event and it is giving the same error.

Finally I had to add this API call on client side to get entity token from client which allowed me to add these items to inventory.

According to me this is very insecure and needs attention. I think executeInventoryOperation API should also be accessible by developer secret or server entity token. Otherwise Inventory which is very important part of any game cannot be controlled freely as it will always need clients intervention to work.

If this is already possible without clients intervention, please let me know how to do it.

Thanks in advance

In-Game EconomyPlayer Inventory
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
Neils Shi avatar image
Neils Shi answered

The API ExecuteInventoryOperations can and should be called on the server side, and we do not recommend calling it on the client side as this poses a serious security risk. Could you provide us with detailed error message? And we recommend that you debug Azure Function locally before you deploy it, or you can share your code with us so that we can do some research.

2 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

raj-1 avatar image raj-1 commented ·

Hi Neils Shi,

Here is azure function PlayFabSettings.staticSettings.DeveloperSecretKey = Constants.DeveloperSecret; PlayFabSettings.staticSettings.TitleId = Constants.TitleId; string requestBody = await new StreamReader(req.Body).ReadToEndAsync(); PlayerPlayStreamFunctionExecutionContext context =JsonConvert.DeserializeObject

0 Likes 0 ·
Neils Shi avatar image Neils Shi raj-1 commented ·

Can you provide the error message or your full Azure Function code so that we can do some research? In your case, you should use “var context=JsonConvert.DeserializeObject<PlayerPlayStreamFunctionExecutionContext>(await req.ReadAsStringAsync());” to get the context and obtain MasterPlayerAccountId. And since the API ExecuteInventoryOperations needs title player account id, so, you can use GetTitlePlayersFromMasterPlayerAccountIds API to retrieve the entity of the title player account from the master player account id. And we also recommend that you debug your Azure Function locally first.

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.