I'd like to be more restrictive in who can call Playfab's built-in "GetPhotonAuthenticationToken" to just server rather than client, using an azure script. I'm wondering if this is the right approach?
The way I see it I could use Playfab's provided login like steam to get a valid session, send that to the "server" (function) which checks if the player is eligible to request a photon token.
As far as I'm aware Playfab allows clients to request a token just as long as they're logged in; whereas I have a unique situation where I only want to allow the player to login, but under a different set of rules choose whether to allow the client to actually create a photon session (host a lobby / use CCU)
That's where creating custom authentication came to mind, because it feels like I need to separate login authentication vs photon session tokens. (this is a design question I guess)
Is this possible? I know photon has a page detailing that you can send data to a web service instead of using playfab to authenticate (which again, is just asking if we're logged in right?)- but I'm wondering how it all ties into playfab specifically, if photon can even use azure addresses for custom authentication, etc.. just need some help connecting the dots.
Thank you in advance for any insight.