Identity in scheduled functions
Hi
I am calling a mutation1. in its ctx arg I can get the user's identity object (
ctx.auth.getUserIdentity())
when I execute mutation2 via a scheduler from mutation1 (i.e mutation1 calls mutation2 via scheduler), that identity object is lost
Is there a way to get the same identity object from mutation2's ctx?
7 Replies
Scheduled functions are always unauthenticated - you'll want to pass authentication info to the scheduled function directly
is there a way to check within mutation2 that "mutation1 triggered" mutation2?
There's no caller info or anything, but you can do so arbitrarily - args can be anything you want
okay thx!
are you suggesting to pass ctx.auth directly in mutation2's args?
is it safe?
client can pass that arg too i think. he/she can misuse this
No, you'll want to authenticate before you schedule the function, then provide any user info you need to the scheduled function via args
Scheduled function should be internal, eg.,
internalQuery, internalMutation. Beyond that it's up to you to ensure you never call it before authenticating.@ashuvssut (ashu) agree with @erquhart here, internal mutations are already "privledged", because they can only be called by your own mutations or actions. so if you have the "unprivledged" mutation (the
api. one, not the internal. one) check the identity, you can just pass this identity to internal functions through the scheduler and trust it is correctthankyou very much!