Problem/Motivation

For REST / Headless scenarios it might make sense to allow using UUID instead of ID for entity reference parameters and storage.
This is also relevant for cases where the parameter is provided via a GET parameter in the URL.

Steps to reproduce

Add an entity reference element to a webform in a project where UUIDs are used for identification, for example because they are hard to guess, which helps against:

  • Enumeration attacks
  • Scraping
  • URL‑based data leaks

Proposed resolution

In entity reference elements, add a radio button to select which identifier should be used:

  • ID
  • UUID

with ID as default.

Remaining tasks

  • Discuss
  • Implement
  • Test
  • Release

User interface changes

API changes

Data model changes

Comments

anybody created an issue.