Shared Secret Key Usage
For the Developer and Player Shared Secret keys, am I supposed to put them in my code by their name (i.e. keyABC) or by their value (i.e. GJ0839q0iUUUHBD0968)? I couldn't tell when reading the documentation and there aren't any good examples for security reasons.
The examples above were arbitrary and do not represent an actual key name/value.
Best Answer
Quoting SethDu's answer here as the accepted version, the parameter used should be the value (i.e. GJ0839q0iUUUHBD0968) not the name - thanks again for the help
" The value should be the required information, if you are enterprise user, please feel free to submit a ticket to us. According to the document, the following is the standard procedure to handle encrypted login:
An RSA CSP blob to be used to encrypt the payload of account creation requests when that API requires a signature header. For example, if Client/LoginWithCustomId requires signature headers but the player does not have an account yet follow these steps:
- Call Client/GetTitlePublicKey with one of the title's shared secrets.
- Convert the Base64 encoded CSP blob to a byte array and create an RSA signing object.
- Encrypt the UTF8 encoded JSON body of the registration request and place the Base64 encoded result into the EncryptedRequest and with the TitleId field, all other fields can be left empty when performing the API request.
- Client receives authentication token as normal. Future requests to LoginWithCustomId will require the X-PlayFab-Signature header.
Please let me know if you have any other questions. "
May I ask what is the design purpose of this shared secret key? Does player have full access to this data? Please understand that we may need more information to provide suggestions.
It for signing PlayFabAPI login requests with client signatures. The client only has access to the PlayerSharedSecret but not the Developer Key. The client calls the function PlayFabClientAPI.GetTitlePublicKey(GetTitlePublicKeyRequest) and the server calls PlayFabAdminAPI.CreatePlayerSharedSecretAsync(CreatePlayerSharedSecretRequest).
The problem I'm running into is the content of the parameters, is it supposed to be the key-name (i.e. keyABC) or the key-value (i.e. GJ0839q0iUUUHBD0968?
Here is an example document with usage of the API and tags where the parameters should be: https://docs.microsoft.com/en-us/gaming/playfab/gamemanager/encrypted-logins
The value should be the required information, if you are enterprise user, please feel free to submit a ticket to us. According to the document, the following is the standard procedure to handle encrypted login:
An RSA CSP blob to be used to encrypt the payload of account creation requests when that API requires a signature header. For example, if Client/LoginWithCustomId requires signature headers but the player does not have an account yet follow these steps:
- Call Client/GetTitlePublicKey with one of the title's shared secrets.
- Convert the Base64 encoded CSP blob to a byte array and create an RSA signing object.
- Encrypt the UTF8 encoded JSON body of the registration request and place the Base64 encoded result into the EncryptedRequest and with the TitleId field, all other fields can be left empty when performing the API request.
- Client receives authentication token as normal. Future requests to LoginWithCustomId will require the X-PlayFab-Signature header.
Please let me know if you have any other questions.
