Authenticate actions?
Is it possible / needed to authenticate actions?
const identity = await ctx.auth.getUserIdentity();
console.log("identity", identity);
if (identity === null) {
throw new Error("Unauthenticated call to action");
}
identity is always null here....
4 Replies
Is it that internal actions don't need auth but regular actions do?
I believe auth is only filled in at the public function contexts. Internal functions (actions/mutations/queries) do not have auth because they are called from within the backend. The assumption here is that you've already done the relevant auth protection at the public api levels.
If you need to pass along specific user information to an internal function, then you'll have to do that manually.
(Someone on the team may correct me, but this is my recollection of how this works).
I thought auth was passed through if the internal function is called with
runAction, but not passed through if it's called from a cron or scheduler.runAfter (because the authentication may have expired). How is the internal action being called?Yes it was being called with scheduler.runAfter