Closed mike-marcacci closed 5 years ago
After thinking through the security implications of this, I've realized that this change is more involved than originally expected.
The real benefit of making IDs configurable is that a "create" request gains some degree idempotence. That is, if a request fails (perhaps due to a network issue) the sender can safely retry it without risking creating a final state where multiple copies were created.
My current plan is to update an entity on collision so that the specified fields match. There may be scenarios where this is not possible, though, so this is not a final decision.
Another strategy would be to ensure that the existing entity is identical to the one that would be created by the current request.
Either way requires additional checking of permissions, though, as we need to make sure we can either update or read the relevant fields on the existing entity (which may belong to a different user, etc).
I have several additional thoughts on this. I'm still debating between the "update on collision" and "error on incompatible collision" strategies, and the following is just a "brain dump":
id
a non-sensitive piece of information for the goals of this project. That is, if a party is aware of a particular UUID, we don't need to worry about whether or not we can confirm its existence. This does NOT apply to entities identified by some other mechanism, such as an email address.userId
and grantId
, which must never be changed. This means that we will have to return a "collision error" in at least some cases, and the appropriate error handling must exist in any user interface.
Currently, AuthX assigns IDs to newly-created entities. This means that you would have to make multiple requests to, say, add a user, and then assign the user to a role (since you need the user’s ID to assign to the role). Because we used UUIDs here, we can make it so that a GraphQL client can optionally specify an ID when creating a new entity. This will enable batching of mutations that include entity creation.