Determine which parameter was incorrect when receiving InvalidParams

Question

question

kevin-4 asked Nov 21, '17

Determine which parameter was incorrect when receiving InvalidParams

Was doing some testing on my script that uses LoginWithEmailAddressRequest and received InvalidParams when the email address wasn't formatted correctly, or when the Playfab password was under 6 characters long or over 100 characters. However instead of just giving the user an overly broad error message ('Either your email is incorrectly formatted or your password is too long or too short'), is there any way to determine from the error result which parameter is invalid (and what about it made it invalid)? So being able to query something that returns "Email address has no domain" or "Password is too short".

I know the docs say PlayFab can change password requirements at any time, so I don't want to hardcode the logic for that client side (I think currently between 6-100 characters is considered valid). Also email regexes can be tricky, so don't want to implement that client side either and end up blocking some email formats that are actually acceptable or vice versa.

Furthermore, is there a way to make the PlayFab API require certain criteria for passwords (at least 1 uppercase, 1 special char, etc) or is that something we actually should handle client side?

apis

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Answer 1 · 2017-11-21T03:08:56Z

kevin-4 answered Nov 21, '17

Used the 'Try It' function on the doc page (https://api.playfab.com/documentation/client/method/LoginWithEmailAddress) and saw that the ErrorDetails dictionary gets filled when InvalidParams is returned.

So as of now I do something like this:

StringBuilder invalidParamsList = new StringBuilder(64);


foreach(string invalidParam in error.ErrorDetails.Keys) {
	invalidParamsList.AppendLine("- " + error.ErrorDetails[invalidParam][0]);
}

And print out invalidParamsList.ToString() to the user. Are the messages of ErrorDetails meant to be shown directly to the user like this, or could this be a potential security leak at some point?

Also, why are the keys mapped to Lists of strings and not just strings? Are there any keys that exist for LoginWithEmailAddress that would have multiple error messages attached to one parameter? Right now I just do error.ErrorDetails[invalidParam][0] to get the first string in the list. I'd rather not introduce an inner loop within my foreach.

The above currently prints out something along the lines of:

- Email address is not valid.
- Password must be between 6 and 100 characters.

to an in-game modal window.

3

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

brendan commented · Nov 21, 2017 at 07:07 AM

That's correct - the ErrorDetails contains the rest of the information on the issues. As to why they are lists, that's the general format for ErrorDetails across all calls, so that if more than one message is required, we can provide it.

0 ·

kevin-4 brendan commented · Nov 21, 2017 at 07:17 AM

Got it, thanks. Is there any comment regarding the special criteria for passwords question from the original post? I've been searching and have yet to see anywhere to set it so I guess we do have to handle it ourselves, but thought I'd still confirm first.

0 ·

brendan kevin-4 commented · Nov 21, 2017 at 07:37 AM

Actually, we have a "no breaking changes" policy, so we wouldn't change the password requirements for existing titles in a way that could cause a problem. So any string of the right length is fine - no special regex.

What we do, if we need to make a change like this, would be to flag it so that only newly created titles would be affected, and we would update the docs to reflect the change.

0 ·

question