Rafael Souza asked

Player authentication for authoritative server

I'm making my authoritative server with Photon Server and I need to check the user session token before allowing him to join the game. I tried making a POST request to ".../Authentication/ValidateEntityToken" but I get this error: "This API method does not allow anonymous callers." What is the correct way of doing it?


1 Answer

Citrus Yan answered

Hi, my suggestion is that you use CloudScript to do the Validation for you. In the client, use ExecuteEntityCloudScript or ExecuteCloudScript API to execute CloudScript with a player’s entity token as a parameter. Here is the sample code in CloudScript:

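handlers.validateET = function (args) {
    var data = {};
    log.info("Entity Token from client is " + args.et);
    // Validate the player's entity token passed in from the client
    var vetresult = entity.ValidateEntityToken({
        EntityToken: args.et
    });
    // Return the validation result to the caller
    return JSON.stringify(vetresult);
};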

However, if you want to validate from the client, you must provide your title’s entity token and player’s entity token in order to call Authentication/ValidateEntityToken API. For title entity token, you must get it from Authentication/GetEntityToken API. However, in order to call this API, you must store the developer key in it, which is not secure.

2 comments

Rafael Souza commented ·

Cool, thank you for responding.

What I did at the moment is just calling GetAccountInfo using the X-Authentication token given to the server from the client. If it's an invalid token PlayFab will return an error, and if it's valid I save some time by already getting some info that I would need. Is there any problem with doing it this way?

0 Likes 0 ·
Citrus Yan Rafael Souza commented ·

Well, it seems alright to me. In this way you can get the info you need when the user’s session is valid and block the user when the session is invalid. Kill two birds with one stone, what a brilliant idea!

0 Likes 0 ·
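The server-side check described in the comments above, sketched as an added example that is not code from the thread or from PlayFab: the game server forwards the client's session ticket to Client/GetAccountInfo (PlayFab reads the ticket from the `X-Authorization` header) and denies the join on any failure. The title id, tickets, ids, the `claimedPlayFabId` parameter, the injected `httpPost` transport and `fakePlayFab` are assumptions constructed for the example.

```javascript
"use strict";
// Added example. httpPost(url, headers, body) -> Promise<{status, body}> is a
// hypothetical transport injected by the caller; all ids/tickets are constructed.

// Build the request the game server sends with the player's ticket.
function buildValidationRequest(titleId, sessionTicket) {
  return {
    url: "https://" + titleId + ".playfabapi.com/Client/GetAccountInfo",
    headers: { "Content-Type": "application/json", "X-Authorization": sessionTicket },
    body: {} // empty body: returns the account that owns the ticket
  };
}

// Decide from the HTTP result alone; anything unexpected denies the join.
function decideJoin(status, body, claimedPlayFabId) {
  const info = status === 200 && body && body.data && body.data.AccountInfo;
  if (!info || typeof info.PlayFabId !== "string") {
    return { allowed: false, reason: "ticket-rejected" };
  }
  // Trust the id PlayFab returns, never the one the client sent.
  if (info.PlayFabId !== claimedPlayFabId) {
    return { allowed: false, reason: "identity-mismatch" };
  }
  return { allowed: true, playFabId: info.PlayFabId, account: info };
}

async function authorizeJoin(httpPost, titleId, sessionTicket, claimedPlayFabId) {
  if (typeof sessionTicket !== "string" || sessionTicket === "") {
    return { allowed: false, reason: "missing-ticket" };
  }
  const req = buildValidationRequest(titleId, sessionTicket);
  try {
    const res = await httpPost(req.url, req.headers, req.body);
    return decideJoin(res.status, res.body, claimedPlayFabId);
  } catch (err) {
    // Network error or timeout: fail closed, and keep the ticket out of logs.
    return { allowed: false, reason: "validation-unavailable" };
  }
}

// Constructed stand-in for PlayFab so the example runs offline.
function fakePlayFab(url, headers) {
  const known = { "TICKET-ALICE": { PlayFabId: "A1B2C3", Username: "alice" } };
  const acct = known[headers["X-Authorization"]];
  return Promise.resolve(acct
    ? { status: 200, body: { code: 200, status: "OK", data: { AccountInfo: acct } } }
    : { status: 401, body: { code: 401, status: "Unauthorized" } });
}
```

Comparing the returned `PlayFabId` with the identity the client claims keeps a valid ticket for one account from being used to join as another.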
