question

Robert Lange avatar image
Robert Lange asked

Authenticate players on custom server after logged into playfab account through client

Let's say I start my game client and connect to my game server, which handles game logic like sync player position etc. Before I can actual start the game, I need to login to my account.

I want to use playfab for this and already know how to login from my game client to get all information I want to display. But the game server also needs to know which connected user belongs to each playfab account. There are authoritative decisions based on player information which the game server needs to make.

Do I need to send the session ticket through ssl from game client to the game server and get a list of all connected players? Or are there some best practices I didn't find while browsing through the docs and questions?

Thanks in advance

Rob

Authentication
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
Citrus Yan avatar image
Citrus Yan answered

So, you are considering having clients send session tickets to your custom server, and, on that server, use Server/AuthenticateSessionTicket to authenticate those players and add them into the connected players list stored on the server, is that right? As I see it, if you do need to make authoritative decisions on the custom server where players are not supposed to have access to, adding the authentication mechanism between the client and the server would be necessary. Therefore, your idea sounds good to me.

2 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Robert Lange avatar image Robert Lange commented ·

My question is, what's the secure way, to send the precious session ticket to the game server? Using an api and send it via TLS with an https post request? Or can I just use a tcp message through rpc or something like that?

0 Likes 0 ·
Citrus Yan avatar image Citrus Yan Robert Lange commented ·

Using API or RPC both works as long as long you encrypt the communications containing session tickets between the client and server. the key here is to encrypt the session ticket, TLS should be OK.

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.