question

matkrulli avatar image
matkrulli asked

Playfab authentication with (already existing) custom java server

I have a multiplayer game running on a Java server and I want to migrate to using Unity as a client and Playfab as a login/authentication service.

Since the game already existed, all I've got to do is rework the communications between the Unity client and the Java server and I've decided to use Playfab in order to secure login/authentication.

I understand that the regular way of doing this would be to have my Java server register as a Playfab custom server and use the matchmaking api, but on one hand I feel like there might be a simpler solution and on the other I'm not really sure how to go about doing it(since it seems my server would have to comply to rather strict specifications).

What I was originally going to do(my 'original solution') was have the client login to Playfab, then cloudscript would send a REST request to the server telling them that client has logged in and a response to the client telling them the server's address. From there, the client would establish a socket connection to the server and the game would run through that(I have TLS setup and the server is super-authoritative, so that should work fine).

The problems with that approach were mostly that I'm not sure how the server would ensure the client trying to connect is the right one. I have the client's playerID, but that's easy to duplicate. I could also give a temporary secret key, but I'm not sure how secure that'd be. Finally, I could get the client's IP, but that sounds like a bad idea for a number of reasons.

So my questions are mostly:

1- How workable/flawed is my 'original solution'? I have studied a bit, but it's the first time I'm actually trying to use something like Playfab as the middleman, so chances are I'm overlooking a lot of stupid stuff.

2- Would it be possible to use Playfab's "custom server" api with my already existing java server? What would I have to do in order to do that?

3- Is there a simpler way to use Playfab as a middleman for authentication? All I need is to go from getting the user logged in(I already have the playfab client running fine on Unity) to have them authenticated/identified with the Java server.

A small note is that I'm currently using Playfab's free version. While Playfab does have quite a lot of interesting features and I'll probably check those in the future, right now all I need is authentication and I'd rather slowly scale my plan as the game and its playerbase grows.

Custom Game Servers
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
JayZuo avatar image
JayZuo answered

For your "original solution", I'd think you can add a temporary token to enhance security. When your server received the request from CloudScript, you can not only return the server's address but also a token. The client need to connect to server with this token, you server can verify the token to know if the client is the right one. One thing need to notice here is that in CloudScript, the http.request call timeout is 2.5 seconds. You need to make sure your server can return the server's address and token within this time.

Another solution here would be Using externally hosted game servers with PlayFab. With this solution, you are still using your existing java server, all you need to do is adding some code to integrate with PlayFab and in server you can use RedeemMatchmakerTicket to verify the client. For more info, please see the documentation https://docs.microsoft.com/en-us/gaming/playfab/features/multiplayer/servers/using-externally-hosted-games-servers-with-playfab.

2 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

matkrulli avatar image matkrulli commented ·

Thanks for the quick response. I see, I guess it is roughly what I expected.

About "using externally hosted game servers with playfab" though, the one thing I can't wrap my head around is the build that needs to be uploaded.

The documentation said that I should upload a build, but that it wouldn't be used, and from what I understood on the custom(not external) server documentation, that build would be the server itself, so what am I supposed to upload?

Since it says the build won't be used, I suppose it might be fine to just upload an empty '.zip' file, but if that's not the case, I really can't find anywhere that indicates what should go there(other than a whole server build).

0 Likes 0 ·
matkrulli avatar image matkrulli matkrulli commented ·

Actually, I just tried with an empty '.zip' file and it seems to be working fine, so I guess that's that.

Still, I'd suggest making it more clear on the documentation that while you do have to upload a build, it can be just an empty file, or maybe changing the interface to reflect that(depending on whether the user has checked 'Use external game server provider' under settings).

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.