question

DP avatar image
DP asked

MatchmakingEntityInvalid when calling CreateMatchMakingTicket using "title" EntityToken.

I'm attempting to create a matchmaking ticket for a player using Azure Functions/CloudScript.

Here's what I'm doing exactly:

First, I get an entity token as title from my secret key.

 {
  path: '/Authentication/GetEntityToken',
  options: {
    method: 'POST',
    body: '{"Entity":{"Id":"YYY","Type":"title"}}',
    headers: {
      'Content-Type': 'application/json',
      'X-SecretKey': 'XXX'
    }
  }
}

Next, I call CreateMatchmakingTicket

{
  path: '/Match/CreateMatchmakingTicket',
  options: {
    method: 'POST',
    body: '{"GiveUpAfterSeconds":10,"QueueName":"DefaultQueue","Creator":{"Entity":{"Id":"YYY","Type":"title_player_account"}}}',
    headers: {
      'Content-Type': 'application/json',
      'X-EntityToken': 'ZZZ
    }
  }
}

Finally, I get this response:

{
  path: '/Match/CreateMatchmakingTicket',
  result: {
    code: 403,
    status: 'Forbidden',
    error: 'MatchmakingEntityInvalid',
    errorCode: 2001,
    errorMessage: 'The entity of the caller must be one of types: title_player_account.'
  }
}

What I can intuit from this is that it is unhappy with the fact that the X-EntityToken I am using is for a "title" and not a "title_player_account". I've attempted to acquire an EntityToken for a title_player_account using my title EntityToken and I get the following error:

 {
  path: '/Authentication/GetEntityToken',
  result: {
    code: 401,
    status: 'Unauthorized',
    error: 'NotAuthorized',
    errorCode: 1089,
    errorMessage: "The claim was not allowed to perform the requested action based on the entity's access policy. Policy comment: By default, all requests are denied. If you expected this request to succeed, you may be missing a policy. See the 
permissions APIs in PlayFab's Admin Api to add a permission."
  }
}

Am I approaching this the right way? Should I just make matchmaking tickets directly from the game client itself? Should I not even be bothering with proxying this to the server-side?

AuthenticationMatchmaking
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
Seth Du avatar image
Seth Du answered

As the error message indicates, /Match/CreateMatchmakingTicket will require a title_player_account entity token to create a ticket on AFCS, but by default the working environment holds a title-level token.

>>Should I just make matchmaking tickets directly from the game client itself?

Yes, in most scenarios, players should make matchmaking tickets directly from the clients through client API. May I ask your concerns? If you are worried about players making up the attributes in the requests on their own, you may switch the “Attribute source” in Rule settings of Queue to “Player Entity”, which will directly retrieve corresponding value from Player’s Entity Object. While Entity Object’s access policy can be modified through Global Entity Policy, and you can deny the write permission of players so that it can be completely maintained by PlayFab server.

Still, there are very specific scenarios that need to create matchmaking ticket on the server side. In that case, you may use CreateServerMatchmakingTicket instead, which is designed to be called on server side.

3 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

DP avatar image DP commented ·

I realized recently that CreateServerMatchmakingTicket exists, I hadn't realized there was a server specific endpoint to call, mainly because the other isn't called CreateClientMatchmakingTicket so I didn't really even conceptualize there'd be a difference. Works now, thanks!

0 Likes 0 ·
halpar avatar image halpar commented ·

Can you clarify on what is Attribute source? I am trying to create a server authorative queue using azure functions, but as I understand from your functions i shouldnt need azure functions to have server authoritiy for my queues. But when I look at the rule type I dont see the rule you mention. Can you eloborate?

0 Likes 0 ·
halpar avatar image halpar halpar commented ·

I found out what is attribute source, but it seems this field is changeable by client. So how can i trust client not to change it?

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.