Question by Mervin D Guy Jr · Apr 19 at 09:15 PM · Account Management, data, Authentication, documentation

Shared Secret Key Usage

For the Developer and Player Shared Secret keys, am I supposed to put them in my code by their name (i.e. keyABC) or by their value (i.e. GJ0839q0iUUUHBD0968)? I couldn't tell when reading the documentation and there aren't any good examples for security reasons.

The examples above were arbitrary and do not represent an actual key name/value.


2 Replies

Best Answer

Answer by Mervin D Guy Jr · Apr 20 at 02:17 PM

Quoting SethDu's answer here as the accepted version, the parameter used should be the value (i.e. GJ0839q0iUUUHBD0968) not the name - thanks again for the help

"The value should be the required information. If you are an enterprise user, please feel free to submit a ticket to us. According to the document, the following is the standard procedure to handle encrypted login:

An RSA CSP blob to be used to encrypt the payload of account creation requests when that API requires a signature header. For example, if Client/LoginWithCustomId requires signature headers but the player does not have an account yet follow these steps:

  1. Call Client/GetTitlePublicKey with one of the title's shared secrets.
  2. Convert the Base64 encoded CSP blob to a byte array and create an RSA signing object.
  3. Encrypt the UTF8 encoded JSON body of the registration request and place the Base64 encoded result into the EncryptedRequest and with the TitleId field, all other fields can be left empty when performing the API request.
  4. Client receives authentication token as normal. Future requests to LoginWithCustomId will require the X-PlayFab-Signature header.

Please let me know if you have any other questions."

Answer by SethDu · Apr 20 at 01:59 AM

May I ask what is the design purpose of this shared secret key? Does player have full access to this data? Please understand that we may need more information to provide suggestions.

Mervin D Guy Jr · Apr 20 at 06:01 AM

It is for signing PlayFabAPI login requests with client signatures. The client only has access to the PlayerSharedSecret but not the Developer Key. The client calls the function PlayFabClientAPI.GetTitlePublicKey(GetTitlePublicKeyRequest) and the server calls PlayFabAdminAPI.CreatePlayerSharedSecretAsync(CreatePlayerSharedSecretRequest).

The problem I'm running into is the content of the parameters: is it supposed to be the key-name (i.e. keyABC) or the key-value (i.e. GJ0839q0iUUUHBD0968)?


Here is an example document with usage of the API and tags where the parameters should be: https://docs.microsoft.com/en-us/gaming/playfab/gamemanager/encrypted-logins

SethDu ♦ Mervin D Guy Jr · Apr 20 at 07:47 AM

The value should be the required information. If you are an enterprise user, please feel free to submit a ticket to us. According to the document, the following is the standard procedure to handle encrypted login:

An RSA CSP blob to be used to encrypt the payload of account creation requests when that API requires a signature header. For example, if Client/LoginWithCustomId requires signature headers but the player does not have an account yet follow these steps:

  1. Call Client/GetTitlePublicKey with one of the title's shared secrets.
  2. Convert the Base64 encoded CSP blob to a byte array and create an RSA signing object.
  3. Encrypt the UTF8 encoded JSON body of the registration request and place the Base64 encoded result into the EncryptedRequest and with the TitleId field, all other fields can be left empty when performing the API request.
  4. Client receives authentication token as normal. Future requests to LoginWithCustomId will require the X-PlayFab-Signature header.

Please let me know if you have any other questions.
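
Steps 2 and 3 of the procedure quoted in this thread, as an added example that is not part of any post and is not PlayFab's code: it parses the Base64 CSP public-key blob, rejects anything that is not a public RSA blob, and encrypts a registration body into the `EncryptedRequest` field. The PKCS#1 v1.5 padding, the toy key, the title ID and the request body are assumptions constructed for the illustration; a real client would hand the blob to its platform's RSA implementation.

```python
import base64, json, os, struct

PUBLICKEYBLOB, RSA1_MAGIC = 0x06, 0x31415352   # bType of a public-only blob; "RSA1"

def parse_csp_public_blob(b64_blob):
    """Step 2: Base64 CSP blob -> (modulus n, exponent e, modulus size in bytes)."""
    raw = base64.b64decode(b64_blob, validate=True)
    if len(raw) < 20:
        raise ValueError("too short for BLOBHEADER + RSAPUBKEY")
    b_type, _ver, _rsv, _alg, magic, bitlen, e = struct.unpack_from("<BBHIIII", raw)
    if b_type != PUBLICKEYBLOB or magic != RSA1_MAGIC:
        raise ValueError("not an RSA public-key blob (private blobs use bType 0x07)")
    k = bitlen // 8
    if bitlen % 8 or len(raw) != 20 + k:
        raise ValueError("modulus length does not match header")
    return int.from_bytes(raw[20:], "little"), e, k   # modulus is little-endian

def encrypt_pkcs1_v15(plaintext, n, e, k):
    """RSA encryption with PKCS#1 v1.5 padding (assumed; the thread names no scheme)."""
    pad_len = k - 3 - len(plaintext)
    if pad_len < 8:
        raise ValueError("body too long for this key size")
    pad = b""
    while len(pad) < pad_len:                      # padding bytes must be non-zero
        pad += bytes(b for b in os.urandom(pad_len) if b)
    em = b"\x00\x02" + pad[:pad_len] + b"\x00" + plaintext
    return pow(int.from_bytes(em, "big"), e, n).to_bytes(k, "big")

def build_encrypted_login(title_id, registration_body, b64_blob):
    """Step 3: encrypt the UTF-8 JSON body; send only EncryptedRequest and TitleId."""
    n, e, k = parse_csp_public_blob(b64_blob)
    body = json.dumps(registration_body, separators=(",", ":")).encode("utf-8")
    cipher = encrypt_pkcs1_v15(body, n, e, k)
    return {"TitleId": title_id,
            "EncryptedRequest": base64.b64encode(cipher).decode("ascii")}

# Constructed toy key (product of two Mersenne primes) so the example runs offline.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
SAMPLE_BLOB = base64.b64encode(
    struct.pack("<BBHIIII", 0x06, 0x02, 0, 0xA400, RSA1_MAGIC, N.bit_length(), E)
    + N.to_bytes(N.bit_length() // 8, "little")).decode("ascii")

if __name__ == "__main__":
    # "TITLE1" and the CustomId value are placeholders, not real identifiers.
    print(build_encrypted_login("TITLE1", {"CustomId": "player-1"}, SAMPLE_BLOB))
```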
