question

Frank DiCola avatar image
Frank DiCola asked

Group/IsMember returns 401 Unauthorized (ErrorCode 1074)

Hey everyone! Sorry for asking this again - I know this question has been addressed here, but I looked through the questions and answers to no avail. I tried the suggested solutions but I'm still stuck. Here's my conundrum:

I'm implementing a "fastpass" way to join a Guild without requiring the usual Application & Acceptance process. This is something my users have requested. AddMember is working fine! I tested it and everything is working great so far.

But I noticed that AddMember will add someone to a PlayFab group even if they are already a Member, which is too bad. (Any way to prevent that?) For example, I was an Administrator of my testing group and when I called the function it added me to the Members role, so I had two roles.

So then I thought, what if I call IsMember first and prevent a double sign up? That's when I got this error:

 Results of checking Membership:
 {
    code: 401,
    status: 'Unauthorized',
    error: 'NotAuthenticated',
    errorCode: 1074,
    errorMessage: 'This API method does not allow anonymous callers.'
  }

Here's the code I'm using to call this. Trying to see if my Title Player Account is inside an existing Group:

 const isMemberBody = {
             Entity: {
                 Id: "2A5E4AC524D8168D",
                 Type: "title_player_account"
             },
             Group: {
                 Id: "75128ABCBE270F34",
                 Type: "group"
             }
         };
    
    
         // Create the Request Headers
         const isMemberHeaders = {
             'Content-Type': 'application/json',
             'X-EntityToken': "Hardcoded X-EntityToken goes here",
             'X-SecretKey': process.env.PLAYFAB_API_SECRET_KEY,
         };

I'm using some hardcoded Entity Tokens for testing that I'm generating via existing sections of my backend that are working, but I didn't want to paste them here. As of this writing, the X-EntityToken I'm using expires in 24 hours, so that shouldn't be the issue.

What am I doing wrong? What is an anonymous caller? Why didn't AddMember give me this problem, since I called it exactly the same way? What is the solution? I'm sure PlayFab allows a player to check if they are a member of a group.

For what it's worth - I am aware that I can do a "client side check" of Memberships to see if the user is in the Group before allowing them to press the button, but I really prefer to do that stuff on the server for security reasons.

Thanks for the help, let me know if you need to see any more code!

Authentication
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
Infer Wang avatar image
Infer Wang answered

When you call Add Members, you can write RoleId in your request body. This can prevent the wrong add as I tested. And the errorMessage: 'This API method does not allow anonymous callers.’ arises when the EntityToken is null, you may check if the EntityToken is successfully passed.

2 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Frank DiCola avatar image Frank DiCola commented ·

Thank you! When you say the EntityToken is null, do you mean the EntityToken on isMemberBody or do you mean the X-EntityToken in the header? I have tried a variety of solutions and the error message is the same, even when I submit a working EntityToken or a purposely expired one or a garbage one like "123ABCXYZ".

0 Likes 0 ·
Infer Wang avatar image Infer Wang Frank DiCola commented ·

IsMember requires the X-EntityToken in the header. Wrong entitytoken will get the response” EntityTokenInvalid”. So, your X-EntityToken isn’t passed successfully, could you please show me the code snippet of this api’s calling part? Which SDK do you use? Normally, you don’t need to write the header, after you call GetEntityToken, the sdk will handle entitytoken for future api call.

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.