estebanpena asked

Error: CloudScript/ExecuteFunction Not Authorized with EntityToken get from GetEntityToken API

Context

We have a Unity game that interacts with Azure Functions through PlayFab. We have a backend service to log the players into PlayFab using an OAuth method.

Problem

Since the Client API is a total mess, because you can, for instance, create users using the LoginWithCustomId endpoint indiscriminately without any security layer, we had to implement another way to authenticate the users with customId.

This is why we've implemented the Server/LoginWithServerCustomId endpoint in a backend service to keep the secretKey safe. After the successful login, we return the sessionTicket and entityToken to the Unity game to set the AuthenticationContext object in the PlayFabSDK.

Problem/Issue

We have Azure Functions that we call using the CloudScript/ExecuteFunction endpoint, and we are getting a NotAuthenticated error using the EntityToken returned by Server/LoginWithServerCustomId. Previously, we used Client/LoginWithCustomId, and the EntityToken this endpoint returns works well, but the Server one doesn't.

The official documentation says that to call the CloudScript/ExecuteFunction endpoint, we need to send the EntityToken that we should get using the Authentication/GetEntityToken endpoint by sending one of the following headers: X-SecretKey, X-Authentication, or X-EntityToken, and Entity data in the request body.

I've done it, but the EntityToken I get from there doesn't work either; I still have the NotAuthenticated issue.

So:

  • CloudScript/ExecuteFunction throws a 401 error using EntityToken returned by GetEntityToken and Server/LoginWithServerCustomId methods.

  • CloudScript/ExecuteFunction only works with the EntityToken returned by the Client/LoginWithCustomId endpoint, which we have turned off using the API Policies since it is a considerable error from PlayFab to have that endpoint without any security layer that prevents massive ghost account creation.

My thoughts

  • It seems the CloudScript/ExecuteFunction endpoint detects the EntityToken and throws the 401 error for some auth reasons I don't understand yet; if I send a wrong EntityToken or don't send anything at all, I get the corresponding error message.

  • I wonder if there is any way to allow the CloudScript/ExecuteFunction with the proper API Policy configuration to be called using the EntityToken returned by the GetEntityToken endpoint.

Questions

  1. Have you tried to call the CloudScript/ExecuteFunction endpoint using the EntityToken returned by the GetEntityToken one?

  2. Has anyone had this problem? How have you solved it?

Thanks a lot for any help you can provide!


1 Answer

Infer Wang answered

Unfortunately, I can’t reproduce your issue with Postman; I didn’t receive a 401 error when calling the CloudScript/ExecuteFunction endpoint using the EntityToken returned by the GetEntityToken one. Could you please test with Postman to see if this issue can be reproduced? The issue may be related to the way you set the AuthenticationContext.
