I have an ODC app, where my application triggers a workflow to do some work and then the workflowupdates a table. Now, updating the table is done through a serviceAction in the application, where I call it from the workflow.
My question is, this call from workflow to the app to "update" the table doesn't support an authentication mechanism.
1 - Does this open a security threat, where external parties can make calls to this ServiceAction? (I will test this)
2- Is there a built-in feature that I am not aware of?
I can create a separate table and authentication tokens etc. in the app and pass it to the workflow and verify the token when the workflow calls the app. But for something like this, I was expecting an OOTB solution
Hello.I think this question appeared before.Key concept: Calls between apps will pass credentials. Timers/workflows don't have a logged user to pass.1. Security threat always depends on the developer.ServiceActions are made for app-to-app communication within the same ODC environment. The only ones calling it are other OS developers in your team.https://success.outsystems.com/documentation/outsystems_developer_cloud/app_architecture/service_actions/
It is generally safe.2. Your approach sounds good and easy.If the Timer/Workflow must be in a different app as the action, the easy workaround is to set some GUID on your module, send it as an input parameter, the other side will callback with that GUID to fetch credentials, and you move from there.
Good question and great answer. Thank you both @Ilay and @Nuno Reis
I am not extremely familiar with ODC yet, will keep this knowledge for next implementation.
Thank you for the response, @Nuno Reis . Good to know I haven't missed a crucial step :)