[SOLVED] sending secrets to the function from client code

  • Flutter
  • Functions
Drake
19 Sep, 2023, 21:12

Sending from client code? Sorry I don't understand

TL;DR
The user needed help with securely sending secrets to a function from client code. They were concerned about the security of passing data through the body or headers. The recommended solution was to have separate functions for generating and sending the TOTP code, and for verifying the code and resetting the password. The user agreed to implement this logic.
Faisal7
19 Sep, 2023, 21:13

i mean sending the email with the generated code to the user from my flutter app

Drake
19 Sep, 2023, 21:14

You're generating the code from your client app??

Faisal7
19 Sep, 2023, 21:14

yes

Drake
19 Sep, 2023, 21:15

That is not secure

Faisal7
19 Sep, 2023, 21:19

oh ok so you suggest to do all the logic like generating the code, sending it to the users email and then verify it in a function. for this i will need then 2 functions like one for generating and sending the TOTP code and then one for verifying the code and resetting the password

Drake
19 Sep, 2023, 21:20

Yes. Or one function that does both depending on the request

Faisal7
19 Sep, 2023, 21:21

one function depending on the request?

Faisal7
19 Sep, 2023, 21:23

ooh i see yes now i understand what you mean

Faisal7
19 Sep, 2023, 21:24

you mean by differentiating through sending something in header or body to know what the function should do?

Drake
19 Sep, 2023, 21:37

Yes something in the body

Faisal7
19 Sep, 2023, 21:57

Ok then i will definitely implement the whole logic to my function. Thanks for the suggestion

Faisal7
19 Sep, 2023, 21:57

Now how do i send then the secrets. In the body is not a good idea in header as well i think. Then how?

Drake
19 Sep, 2023, 22:11

email or something of the sort. the point is you should not be sending it to the client who initiated the request because that may not be the actual owner of the account. the whole point of password recovery is validating the user is who they say they are even if they don't have their password

Faisal7
20 Sep, 2023, 06:49

i am sending the secret TOTP code in the email already. the user should then copy paste the code in the app and then give his/her new password to be reset, and i meant this new password. how do i give this to the function for resetting it?

Drake
20 Sep, 2023, 16:50

the function that validates the code should also take the new password. if the code is correct, update the password. if not, don't update the password and return an error

Faisal7
20 Sep, 2023, 20:33

Yes right, but where do i put then the code and the new password to give the function

Drake
20 Sep, 2023, 20:40

you can pass data to a function..

Faisal7
20 Sep, 2023, 21:15

yes this is my question where is the best place to pass data like in header in body or where?

Faisal7
20 Sep, 2023, 21:16

the opportunity to pass data when i am executing it from client is i think headers or body

Drake
20 Sep, 2023, 22:56

up to you, but, generally, it's done in the body

Faisal7
21 Sep, 2023, 06:02

Oh ok, i am already giving data to functions through body but i had a security concern, that's why i asked. So doing so will be safe then?

D5
21 Sep, 2023, 06:21

If that question was due to encryption, HTTPS (TLS) encrypts both head and body

Faisal7
21 Sep, 2023, 06:51

ok then it's perfect. I think i got my answer. You guys are very helpful thank you @Steven and @D5.

Drake
21 Sep, 2023, 18:00

[SOLVED] sending secrets to the function from client code
