I’m trying to implement in my app Flipt using openFeature.
In the backend, no problem with dynamic eval.
On the frontend (React), because of static eval, the provider fetches all flags on: <flipt url>/internal/v1/evaluation/snapshot/namespace/<namespace>
That means that any of my user would be able to see all the segments, rules etc.
Is there a way to fetch the flags with the right values based on a context for static evaluation (it’s what I use to do on flagsmith) ? Or I must do dynamic evaluation ?
Thank you for raising this up. Yep, you are correct. The snapshot will include all the namespace data. If this is something you don’t want the server-side evaluation is the best choice. Let’s discuss what is the best option for you.
If you’re facing a tight deadline, I suggest using the OpenFeature React sdk and JS ofrep-web provider alongside Flipt as a workaround. Flipt v1.51 has full support of OFREP. We would like to hear your feedback about it too.
@flg just to confirm, are you concerned that users would inspect the network traffic to see the data coming from Flipt to your client side sdks?
If so, i wonder if we could introduce some kind of encryption feature using a shared secret, where we encrypt the data on the server, and then decrypt it on the client in memory. this would ensure that the data is not inspectable by the end user