When creating a client instance in the browser, you use a secret.
Is it one of the keys (admin, server, client (normally this one…))?
If you use a client instance in the browser, you should not use one of the default keys.
Instead:
Create a role + key. Public or anonymous access
Go to the security tab in the dashboard, create a role there. Specify exactly what you want to give access to. Once the role is created, create a key for that role. This means that once you put that key in your frontend, it is equivalent to public access. Everyone that grabs that key from within the frontend code can access the data that you gave access to via the role. If the data you are exposing is public anyway, then that’s fine.
Access with an identity
Better is to have a login mechanism and use either Login() or **Create(Tokens(), { instance: })** to create a Token. Tokens are different from keys in the sense that they have an identity (the document that was logged into or that the ‘instance’ field references). You can write a role that applies only to tokens that are linked by using the membership field on Roles. By specifying a membership, that role will only apply to these specific tokens. All that is explained here: User-defined roles | Fauna Documentation
Ok then and thanks.
My strategy:
Create a Role “CollectionAble” and put any collection under it, except for udf collection.
Udfs escalate to CollectionAble when running.
Create Role “UdfAble” and put udfs collection under it.
Create a public key for udfable.
Now, no one can touch data, only udfs, and only those with the key can call them (public).
Finally, udfs checks for tokens, but more in a traditional sense.
Users’ login requests are matched against passwords in the fauna way, but if password is right, some kind of secret is returned to the client.
Then, the client uses that on any call to udf.
Each udf calls an internal udf that checks the secret and returns a code representing a soft role.
Just let me know if this is theoretically wrong.
Thanks for now!!
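The setup described in the two posts above, written out as FQL v4 that would be run from the dashboard shell with an admin secret (never from the frontend). This is an added example, not code from the thread or from Fauna’s docs; the collection names `posts` and `users`, the index names `posts_by_author` and `users_by_email`, the function name `get_posts` and the e-mail/password values are assumptions.

```fql
// Data role: UDFs execute under it; no key is ever minted for it,
// so nothing in the browser can read or write the collections directly.
CreateRole({
  name: "CollectionAble",
  privileges: [
    { resource: Collection("posts"), actions: { read: true, create: true, write: true } },
    { resource: Index("posts_by_author"), actions: { read: true } }
  ]
})

// Public role: the only privilege is calling the UDF. A key for this role
// ends up in frontend code, so it must grant nothing beyond that.
CreateRole({
  name: "UdfAble",
  privileges: [
    { resource: Function("get_posts"), actions: { call: true } }
  ]
})

// The UDF escalates to CollectionAble while it runs; callers keep UdfAble.
CreateFunction({
  name: "get_posts",
  role: Role("CollectionAble"),
  body: Query(Lambda(["author"],
    Map(
      Paginate(Match(Index("posts_by_author"), Var("author"))),
      Lambda("ref", Get(Var("ref")))
    )
  ))
})

// Key shipped with the frontend: equivalent to public, UdfAble-scoped access.
CreateKey({ role: Role("UdfAble") })

// Alternative from the earlier answer: a role bound by membership, so it only
// applies to tokens whose identity is a document in the "users" collection.
CreateRole({
  name: "LoggedInUser",
  membership: { resource: Collection("users") },
  privileges: [
    { resource: Function("get_posts"), actions: { call: true } }
  ]
})

// Login mints such a token (assumes credentials were set on the user document
// and that users_by_email is a unique index on the email field).
Login(Match(Index("users_by_email"), "alice@example.com"), { password: "example-password" })
```

Calls to Function("get_posts") with the UdfAble key fail for any other resource because the role lists none, which is the check worth re-running whenever a privilege is added to the role.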
Yep all correct!
Thanks for your advice