question

iengtheansovann asked

PlayFab Open ID provider from Epic Games

Hello. My goal is to use Epic Games as Open ID provider for PlayFab.

Login flow: the player logs in with Epic Games FIRST, then -> LoginWithOpenID() via PlayFab.

But it failed with the error message below:

IDX10501: Signature validation failed. Unable to match key: 
kid: '2022-06-14T06:17:57.047928700Z'.
Exceptions caught:
 
token: '{
   "kid":"2022-06-14T06:17:57.047928700Z",
   "typ":"JWT",
   "alg":"RS256"
}{
   "aud":"xxxxxx",
   "sub":"xxxxxx",
   "pfsid":"xxxxxx",
   "act":{
      "pltfm":"other",
      "eaid":"xxxxxx",
      "eat":"epicgames"
   },
   "pfdid":"xxxxxx",
   "iss":"https://api.epicgames.dev/auth/v1/oauth",
   "exp":1667391187,
   "tokenType":"idToken",
   "iat":1667387587,
   "pfpid":"xxxxxx"
}
'.



Below is my Open ID configuration, which I created using the Admin/CreateOpenIdConnection REST API directly.

{
    "ClientId": "xxxxxx",
    "ClientSecret": "xxxxxx",
    "ConnectionId": "EOS",
    "IssuerInformation": 
    {
        "AuthorizationUrl": "https://www.epicgames.com/id/authorize",
        "Issuer": "https://api.epicgames.dev/epic/oauth/v1",
        "TokenUrl": "https://api.epicgames.dev/epic/oauth/v1/token",
        "JsonWebKeySet":
        {
            "keys": [
                {
                "kty": "RSA",
                "e": "AQAB",
                "kid": "xxxxxx",
                "n": "xxxxxx"
                }
            ]
        }
    }
}

Please help.

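The following is an added example, not part of the original post or of PlayFab's or Epic's code: a small diagnostic that decodes a JWT's header and payload without verifying it and compares `iss` and `kid` against an OpenID connection configuration. The sample token is constructed from the header and claims shown in the error message (with a dummy signature), the configuration is the one posted above with its redacted `xxxxxx` placeholders, and the function names are hypothetical.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def peek(token: str):
    """Decode header and claims WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    return json.loads(b64url_decode(parts[0])), json.loads(b64url_decode(parts[1]))

def diagnose(token: str, connection: dict) -> list:
    """Return the reasons a validator using this connection would reject the token."""
    header, claims = peek(token)
    info = connection["IssuerInformation"]
    findings = []
    if claims.get("iss") != info["Issuer"]:
        findings.append(f"iss mismatch: token={claims.get('iss')!r} config={info['Issuer']!r}")
    kids = [k.get("kid") for k in info["JsonWebKeySet"]["keys"]]
    if header.get("kid") not in kids:
        findings.append(f"kid {header.get('kid')!r} not in configured key set {kids}")
    return findings

# Constructed sample: header and claims copied from the error message in the
# question (redacted values stay "xxxxxx"); the signature segment is a dummy.
SAMPLE_TOKEN = ".".join([
    b64url_encode({"kid": "2022-06-14T06:17:57.047928700Z", "typ": "JWT", "alg": "RS256"}),
    b64url_encode({"aud": "xxxxxx", "sub": "xxxxxx",
                   "iss": "https://api.epicgames.dev/auth/v1/oauth",
                   "exp": 1667391187, "tokenType": "idToken", "iat": 1667387587}),
    "c2ln",
])
SAMPLE_CONNECTION = {"ConnectionId": "EOS", "IssuerInformation": {
    "Issuer": "https://api.epicgames.dev/epic/oauth/v1",
    "JsonWebKeySet": {"keys": [
        {"kty": "RSA", "e": "AQAB", "kid": "xxxxxx", "n": "xxxxxx"}]}}}

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_TOKEN, SAMPLE_CONNECTION):
        print(finding)
```

With the posted values, the first finding is that the token's `iss` (`https://api.epicgames.dev/auth/v1/oauth`) differs from the configured `Issuer` (`https://api.epicgames.dev/epic/oauth/v1`); the `kid` comparison only becomes meaningful once the real key ids replace the redacted placeholder.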

1 Answer

Xiao Zha answered

We have hidden some of the information in your post because it is considered PII (Personally identifiable information) and should be hidden from public forums.

I cannot reproduce your issue and your OpenID configuration seems correct. But you can try to set the "IssuerDiscoveryUrl" property in the CreateOpenIdConnection API request to "https://api.epicgames.dev/epic/oauth/v1/.well-known/openid-configuration" instead of setting a bunch of "IssuerInformation". Also, you can refer to the code example: Using the C# SDK | Epic Online Services Developer (epicgames.com) to check your code workflow. And here's the LoginWithOpenIdConnect code example:

// Step 1: log the player in through the Epic Online Services auth interface.
s_PlatformInterface.GetAuthInterface().Login(ref loginOptions, null, (ref LoginCallbackInfo loginCallbackInfo) => 
{
    if (loginCallbackInfo.ResultCode == Result.Success)
    {
        Debug.Log("Login succeeded");
        // Step 2: copy the ID token (a JWT) for the account that just logged in.
        IdToken? idToken = new IdToken?();
        var copyIdTokenOptions = new CopyIdTokenOptions()
        {
            AccountId = loginCallbackInfo.LocalUserId
        };
        s_PlatformInterface.GetAuthInterface().CopyIdToken(ref copyIdTokenOptions, out idToken);
        // Debugging aid only: the ID token is a bearer credential, so do not log it in release builds.
        Debug.Log("IdToken =======================================" + idToken.GetValueOrDefault().JsonWebToken);
        // Step 3: hand the JWT to PlayFab; ConnectionId must match the ConnectionId
        // given when the OpenID connection was created.
        PlayFabClientAPI.LoginWithOpenIdConnect(new PlayFab.ClientModels.LoginWithOpenIdConnectRequest
        {
            IdToken = idToken.GetValueOrDefault().JsonWebToken,
            ConnectionId = "EpicOpenID",
            CreateAccount = true
        },
        result => { 
            Debug.Log("PlayFabId ========================================= " + result.PlayFabId);
        },
        error => {
            Debug.LogError(error.GenerateErrorReport());
        });
    }
    else if (Common.IsOperationComplete(loginCallbackInfo.ResultCode))
    {
        // The Epic login finished with an error result.
        Debug.Log("Login failed: " + loginCallbackInfo.ResultCode);
    }
});

If the issue still exists, you can provide your login code for us to research.

3 comments

iengtheansovann commented

It's okay, those credentials are disposable (temp).

Yes, I have already tried that using the REST CreateOpenIdConnection directly from Postman.
And I get the same error as above.

Also, if I add https://api.epicgames.dev/epic/oauth/v1/.well-known/openid-configuration directly to the UI in the image below, it throws this error.

Something is wrong,

Xiao Zha commented (in reply to iengtheansovann)

As I mentioned above, the URL "https://api.epicgames.dev/epic/oauth/v1/.well-known/openid-configuration" is used in the "IssuerDiscoveryUrl" property in the CreateOpenIdConnection API, and cannot be used as the "Issuer" URL. Since the IssuerDiscoveryUrl is used to read issuer information, after you set the "IssuerDiscoveryUrl", there is no need to set the "IssuerInformation". You can try again and if the issue still exists, you can provide your login code for us to research.

giovannifrigo commented (in reply to iengtheansovann)

After trial and error, I found that setting issuer to https://api.epicgames.dev/epic/oauth/v1 rather than https://api.epicgames.dev/epic/oauth/v1/.well-known/openid-configuration solves that "unable to retrieve connection discovery data" error.
