Right now to get player entity data object we do the following:
let playerEntity = server.GetUserAccountInfo({ PlayFabId: currentPlayerId }).UserInfo.TitleInfo.TitlePlayerAccount;
let result = entity.GetObjects({Entity: playerEntity});
Is it possible to do this in one API call on cloudscript?
Sorry for the confusion made earlier, actually, you can use the entity ExecuteEntityCloudScript API instead of ExecuteCloudScript to call the CloudScript function. It has several benefits:
1. The caller's player profile is automatically passed in the "context" parameter by PlayFab, you can directly access its objects by doing the following without having to do those two lines you put in the post:
var objects = context.currentEntity.Objects;
In this way, profiles are automatically passed by PlayFab for the calling player entity, without the need to get it manually in the function, and, this also blocks the way for other players to spoof the system since they can only make calls for themselves.
2. Players cannot make this call on behalf of other players in the first place, if one player specifies other player's entity key in the request, it would simply return "Not Authorized", ergo prevents spoofing.
Thanks, that should work for us. Is there any downside to this API versus just ExecuteFunction?
Is ExecuteEntityCloudScript the newer version? (Introduced after entities system was released)
I believe you're talking about ExecuteCloudScript since ExecuteFunction is for the new CloudScript using Azure Functions feature.
Yes, ExecuteEntityCloudScript is the newer version introduced with the entity system.
Actually `ExecuteEntityCloudScript` is just server side - can't execute it from client side. So we would still need to use `ExecuteCloudScript`
You can execute it from the client side, you'll just need to specify the player's EntityToken (received from login calls or the GetEntityToken call) in the request header.
Thank you! I see, I found out why I couldn't find it - the namespace for the calls are different and I had only imported PlayfabClientAPI
The original one uses:
PlayFabClientAPI.ExecuteCloudScript
While the new one uses:
PlayFabCloudScriptAPI.ExecuteEntityCloudScript
The only issue is that the models they use are the same, but with different namespaces. Is there any reason for that?
PlayFabClientAPI.LoginWithCustomID
returns a EntityKey from PlayFab.ClientModels while ExecuteEntityCloudScript needs Playfab.CloudScriptModels. It is easy to just create a new EntityKey using the login result from PlayfabClientAPI but wonder why there are two different ones?
Tried to find some info in the docs but couldn't see any.
You can pass the player’s EntityKey (this is returned from login calls, or you can craft one if you have the title player entity id) as an argument from client to CloudScript so that you don’t need to make the first API call in question to get the player’s EntityKey. Please check this doc for more details about passing arguments to CloudScript: https://docs.microsoft.com/en-us/gaming/playfab/features/automation/cloudscript/writing-custom-cloudscript#intermediate-overview-globals-and-advanced-arguments
Thanks, that may work. How can we avoid this from being spoofed if we are passing it from args?
Player spoofing is possible, you'll need to add some validation logic for this if you don't trust the client side, actually, the first API call in question might be inevitable.
And, may I know why you don't directly call GetObjects from the client side to get the player's objects?
We are storing some readonly data in player entity object.
(Quests completed status, player level, etc)
The cloudscript is called after the player finishes a level and updates the status.
We do validation to make sure the data is correct (enemies killed count, xp earned, etc) but not sure how to prevent spoofing from client side where people can call cloudscript on behalf of other players.
How can we validate the entity key versus the cloudscript caller on server side? Thanks
3 People are following this question.
