question

Laarni avatar image
Laarni asked

Is AuthenticateSessionTicket included in Lua corona sdk?

Hi.

I am trying to check if the session ticket is still valid. When i make the call, it returns a nil value for AuthenticateSessionTicket.

By the way, i was too limited with Xcode so i switched to Corona SDK which is simpler and more straightforward.

Here is my code.

  local loadSessionTicket = loadsave.loadTable("ticketPlayfab.json")

   print( "Last Playfab Session Ticket:", loadSessionTicket.sessionTicket )

   local playfabTicketCheckRequest = {
      SessionTicket = loadSessionTicket.sessionTicket
    }
    
PlayFabClientApi.AuthenticateSessionTicket(playfabTicketCheckRequest, function(result) print("User's session still valid: " .. result.PlayFabId) end, function(error) print("User session expired: " .. error.errorMessage) end)
1 comment
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Laarni avatar image Laarni commented ·

Here is the error.

ERROR: Runtime error
                    principal.lua:39: attempt to call field 'AuthenticateSessionTicket' (a nil value)
                    stack traceback:
                    	principal.lua:39: in function <principal.lua:30>
                    	?: in function 'dispatchEvent'
                    	?: in function 'gotoScene'
                    	main.lua:59: in function '_listener'
                    	?: in function <?:167>
                    	?: in function <?:169>
0 Likes 0 ·

1 Answer

·
brendan avatar image
brendan answered

AuthenticateSessionTicket is not a Client API call - it is only part of the Server API. It's actually not necessary to make this call from the client, since every call (apart from login and password reset) requires the Session Ticket, and will return an invalid ticket error if the ticket has expired. You should always check the error responses from any client call and handle any error responses - bear in mind that even if you check the ticket in one call, it could just as easily expire before the next one, so you can't depend upon any given check of the ticket to be valid for subsequent calls.

8 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Laarni avatar image Laarni commented ·

I get what you mean but here is my goal. I want to check if the session ticket is still current. If yes, then the player keeps using the app since he is still logged in. If not, then i show the log in screen. So basically, i d like to have the players log in only when the session has expired knowing that i do not want to store their username and password anywhere, not even in the keychain. I am kind of stuck.

0 Likes 0 ·
brendan avatar image brendan Laarni commented ·

The problem is that you could still get an invalid ticket response after checking if the ticket is current, due to it expiring after you make that call. And since every call returns the error if the ticket has expired, you have to make that check anyway, at which point you would prompt the user to sign in.

But why not simply link the Device ID to the player account, so that you can automatically re-authenticate the player with that?

0 Likes 0 ·
Laarni avatar image Laarni commented ·

How would it work? Just by internally logging in the the device ID? So it will look like that =>

- user registration

- user log in with email and password and if successful link the device ID

- internally log in with the device ID (without interaction from the user)

Result, the user will always be logged in unless he logs out and then =>

- user still registered

- user logged out

- user will re-logged in when re-opening the app because of the internal log in with device ID.

In that case, i will still have the user logged in with the device ID when i want him to log with the email.

Am i missing something?

0 Likes 0 ·
brendan avatar image brendan Laarni commented ·

Technically, there isn't a "log out" yet, but you could delete the local copy of the Session Ticket, which would effectively mean they can't access the calls. But yes, that's basically what I was saying. The only other question I would ask is, why not have the Device ID be the base ("generic") login, and add the username/password login later? That way, there's zero friction to getting the player into the game.

0 Likes 0 ·
Laarni avatar image Laarni commented ·

That sounds really good. Will it add or update the device id if the user changes it? or uses 2 different ones.

0 Likes 0 ·
brendan avatar image brendan Laarni commented ·

Using a device ID login, the ID itself is the login credential. So if the device ID changes for some reason (on iOS, this would be if the user uninstalls all apps from you, and then installs one again, for example), the call would be trying to log into a different account. And if you set CreateAccount to true, that would then mean you'd be creating a new account.

0 Likes 0 ·
Laarni avatar image Laarni commented ·

Go it. The user will still get his account back if he then adds the usernamePassword ?

0 Likes 0 ·
brendan avatar image brendan Laarni commented ·

The idea is that logins like device ID and custom ID are super-low friction, so that players get to the game as quickly as possible. You then incentivize the player to add something they can use to get back to the account from other devices, like Facebook, Google, or username/password. I'd recommend reading this post, as well: https://playfab.com/first-impressions-count-best-practices-friction-free-player-authentication/.

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.