Hello, we are planning to release on Steam, and LoginWithSteam is perfect for us as it also validates the ownership of the game.
But I believe that with a modified client can log in with other options than Steam.
What's the recommended way of preventing it?
Is it by using the Global Title Policy in the settings?
I am a little confused with it, can I get an example of only allowing a specific (Steam) login option?
Thanks!
Yes, this is a viable solution and you can refer to the code below to update policy. But I think you're running into confusion around the differences between API policy and entity policy. The resource string there is for an API policy, not entity policy. Therefore, you can't use the "ENTITY GLOBAL TITLE POLICY" in the setting, which is for entity policy.
{
"Resource":"pfrn:api--/Client/LoginWithFacebook",
"Principal":"*",
"Effect":"Deny",
"Action":"*",
"Comment":"This will deny anyone to call LoginWithFacebook"
}
So, I would suggest you call the Admin API UpdatePolicy to update policy (by Postman). More information please see:https://api.playfab.com/docs/tutorials/title-management/api-policy
Thanks! CAn this work the other way around?
Disabling all client API calls by default and enabling only that I know I need?
3 People are following this question.
