Context
We have a Unity game that interacts with Azure Functions through PlayFab. We have a backend service to log the players into PlayFab using an oAuth method.
Problem
Since the Client API is a total mess, because you can, for instance, create users using the LoginWithCustomId endpoint indiscriminately without any security layer, we had to implement another way to authenticate the users with customId.
This is why we've implemented the Server/LoginWithServerCustomId endpoint in a backend service to keep the secretKey safe. After the successful login, we return the sessionTicket and entityToken to the Unity game to set the AuthenticationContext object in the PlayFabSDK.
Problem/Issue
We have Azure Functions that we call using the CloudScript/ExecuteFunction endpoint, and we are getting a NotAuthenticated error using the EntityToken returned by Server/LoginWithServerCustomId. Previously, we used Client/LoginWithCustomId, and the EntityToken this endpoint returns works well, but the Server one doesn't.
The official documentation says to call the CloudScript/ExecuteFunction endpoint, we need to send the EntityToken that we should get using the Authentication/GetEntityToken endpoint by sending one of the following headers: X-SecretKey, X-Authentication, or X-EntityToken, and Entity data in the request body.
I've done it, but the EntityToken I get from there doesn't work either; I still have the NotAuthenticate issue.
So:
CloudScript/ExecuteFunction throws a 401 error using EntityToken returned by GetEntityToken and Server/LoginWithServerCustomId methods.
CloudScript/ExecuteFunction only works with the EntityToken returned by the Client/LoginWithCustomId endpoint, which we have turned off using the API Policies since it is a considerable error from PlayFab to have that endpoint without any security layer that prevents massive ghost account creation.
My thoughts
It seems the CloudScript/ExecuteFunction detects the EntityToken and throws the 401 issues for some auth reasons I don't understand yet; if I send a wrong EntityToken or don't send anything at all, I get the accordingly error message.
I wonder if there is any way to allow the CloudScript/ExecuteFunction with the proper API Policy configuration to be called using the EntityToken returned by the GetEntityToken endpoint.
Questions
Have you tried to call the CloudScript/ExecuteFunction endpoint using the EntityToken returned by the GetEntityToken one?
Has anyone had this problem? How have you solved it?
Thanks a lot for any help you can provide!