Following up on the following thread:
https://community.playfab.com/questions/49557/unable-to-run-client-and-server-ue-426-due-to-deve.html
It seems that the secretkey is not being cleared on session being destroyed.. so every second time you try to log in PIE... you get the following crash since the secret key is present while logging in on the second try:
Could you please tell us which the detailed UE version you used, such as 4.26.1, 4.26.2? Are you using the Blueprint or C++ to develop your project? Do you call the server API and call the client API in one project, or you implement the server and client in two projects but run them at the same time? Could you please provide the detailed reproducing steps so that we can reproduce this issue?
Hi @Sarah Zhang,
Thanks for the reply. The UE4 version is 4.26.2. It is a blueprint project. I am setting developer secret key in project settings... then calling login with custom id in blueprints and runtime. It works finally initially. Stop the PIE session and start again and log in again and it will crash. Been a bug for over 6 months and ton of people have reported it.
@Sarah Zhang, were you able to reproduce it?
Answer by Sarah Zhang · Aug 05, 2021 at 02:30 AM
Yes. For clarification, the secret key won't be cleared when the session being destroyed. In the first login, PlayFab stores both Developer Secret key and the Player's Session Ticket to the static variable -- AuthenticationContext. Then in the second login, PlayFab use a checkf method to check whether AuthenticationContext have both Developer Secret key and Session Ticket, if true, the editor will crash. In our design, the Developer Secret Key and Client Session Ticket shouldn't be used at the same time, calling Server APIs and Admin APIs on the clients, or call the Client APIs on the server-side could both cause errors.
Since Client API is designed for players, calling Client API on the server side may cause the limit to be exceeded. Adding Developer Secret Key on the client side means giving players the access to call all management API, if so, it will be quite easy for players to cheat.
So, we add a checkf method to the Marketplace plugin to prevent the potential issues caused by the improper API calls.
We suggest you remove all Developer Secret Key from your client to fix this issue. Or if you are developing a server, please try to use the Server APIs to replace the corresponding Client APIs instead of calling the Client APIs directly on the server.
There are some things that are needed to be done in clients and some things on server only. This is a bug since the crash doesn't happen on the first attempt. It just never clears the keys after the first attempt.
Our plugin won’t clear up the Developer Secret Key that in the Authentication Context automatically. It’s by design. In any case, please do not set up the Developer Secret Key in your project, then call Client API methods.