question

joon avatar image
joon asked

using Playfab Authentication to log into a custom Azure Function directly

We have a racing game with that records ghost recordings for players to challenge. It's like an asynchronous online mode. The 30k size limit on CloudScript is scaring us a little bit, as sometimes even our compressed recordings are over 30k. We have a working prototype where ghosts are submitted through an Azure Functions cloudscript (yay!) but we're not very experienced with Azure as a whole beyond that.

Is there any resources on how we could use the Playfab authentication to talk to our Azure storage account directly to make uploads?

CloudScriptlimitsAuthentication
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

joon avatar image
joon answered

I figured it out using your help and reading up about SAS tokens!

The code on this page helped me create an azure function which lets me return a Blob upload url with limited availability. That would do for now :)

https://github.com/Azure/azure-sdk-for-net/issues/12052

10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Seth Du avatar image
Seth Du answered

If the ghost data is separately stored in Players’ account, you can use Entity Files of PlayFab to manage and retrieve the data. However, it seems you want to have a centered database to maintain ghost data. I suggest implement an Azure function and the function will query the ghost data in Azure Storage and return the data URL to player’s client, which won’t exceed the parameter limits.

In terms of authentication, when the client calls ExecuteFunction API (or trigger the function via Rule/Task), the caller information and execution method will be store in the function request and as you can see in our official samples, a variable “context” will be defined to store the data. “Context” can be used for the authentication to make sure the caller and this execution are valid.

However, the authentication between Azure Function and Azure Storage depends on you and there is no built-in implementation. In the common scenario, the authentication information is hard-coded because it is safe as long as you have an authentication process using “Context”.

10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

joon avatar image
joon answered

Retrieving the ghost data is fine, we can do that directly from Azure, but uploading is the problem. We're currently uploading via Azure Function CloudScript, with a zipped serialized data blob as a paramter, and the 30k limit exists there.

The context stuff you mention sounds like it might be what I need, could you point me in the direction of the docs or examples?

2 comments
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

joon avatar image joon commented ·

I'm trying to map it out to understand it better.

In the above image, the steps I'm not able to figure out atm are steps 6 and 7,

i.e. Playfab has authenticated a user, and presumably has some kind of token from Steam (or whoever). What's the name for this token, and how do I verify it on the server-side before accepting uploads or requests from the client?

0 Likes 0 ·
image-2.png (104.5 KiB)
Seth Du avatar image Seth Du ♦ joon commented ·

I don't think uploading should be handled by Azure Function. If you request an upload URL by Azure Function, it is ok to return the url to the client. Client can directly use this url for uploading. I am not expert on Azure Storage, but as PlayFab Entity Files are using Azure Blob Storag, it is common that clients use this url because it has short expiration time.

>> context

Please refer to the official sample on PlayFab CloudScript using Azure Functions Quickstart Guide - PlayFab | Microsoft Docs.

When you import CS2AFHelperClasses.cs helper class, you can get context via:

FunctionExecutionContext<dynamic> context = JsonConvert.DeserializeObject<FunctionExecutionContext<dynamic>>(await req.ReadAsStringAsync());

I am not sure of step 6,7 because usually there is no need for verification as if you implement Azure Function in PlayFab, only with a valid entity token, can the function called by the client. Besides, context also can be used for verification.

1 Like 1 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.