PleyGame ManagerC# SDK DocsAPI ReferencesFAQ
Docs
DocsChangelog
Start typing to search…

Implementing Authentication

A toolkit (in the Pley SDK) that helps you with authenticating and identifying users.

AuthKit is Pley's tool to identify, verify, and authenticate users on the Pley platform who is trying to play your games. It integrates with your back-end and provides access to Pley's backend to verify any logged-in users on the platform.

πŸ“˜

How does it work?

This article is just the how-to to implement Pley Authentication into your game.
Read about Authentication for Game Developers here.

Building your own web gaming destination? Read about Pley Authentication for Headless Destinations here.

1) Fetch the Pley Session Token. Send the Session Token to your game server.
2) Game backend verifies the Session Token with the Pley server through an HTTP request (reference).
3) Pley returns the game_user_id to the game server. The session is now trusted, and the user is verified.
4) Game backend uses game_user_id to generate its own validated session for the game client.
5) Game client is now authenticated as the game_user.

This implementation assumes that your backend server is able to authenticate a session server-side. If that is not supported by your server, see the section below on authenticating users without backend verification.

Note that Session Tokens expire after 30 minutes on Pley. If you are doing any critical functions, it is recommended to fetch a new Session Token and verify it.


(1) Fetching Pley Session Token in Game Client

πŸ“˜

API References

You can find the methods called in the references for Unity SDK AuthKit and for the C SDK AuthKit.

When the game starts (after the Pley SDK has been initialized), request a session token from the Pley SDK. This token should then be verified by the game server.

// Remember to initialize the SDK first. 

// Request a session token ID from the SDK:
private string GetPleySessionToken()
{
	return Pley.AuthKit.GetSessionToken();
}

// Now that we have the session token ID, we send it over to your backend so the backend can send a request to Pley's server.
private void SendTokenToBackend()
{
	// Your backend's serverrequest
  MyBackend.AuthenticateUsingPley(GetPleySessionToken());
}

(2) - (4) Verify Session token and get Pley Game User

The game client has a session token and needs a Pley game_user_id. After creating the server function/endpoint above, the server must verify the Session Token to receive a Game User ID from Pley.

To do that, simply create an HTTP request using cURL, from your backend:

curl -X POST \
  https://api.pley.com/v2/auth-kit/verify-session-token \
  -H 'Authorization: Bearer your-api-token' \
  -H 'Content-Type: application/json' \
  -d '{
    "session_token": "users-session-token"
  }'

Your backend will receive a JSON response. This response includes the Pley game_user_id. This ID should be saved to the games' database to a user, and be the user's progress (new or pre-existing) the user recieves.

{
  "data": {
    "game_user": {
      "game_user_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
      "username": "Tornado92"
    },
    "game_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  }
}

You can check the status code for this response. As customary, we use 200 for a valid response (i.e. verified Session Token) and a 400 as a bad request (i.e. corrupt Session Token).

(5) Get User Game Progress

Finally, use the token/session you generated to authenticate the user and fetch progress. This implementation is unique to your game, and should use the same method as on iOS or Android. Often, games can authenticate using a "custom_id", often being the device ID on mobile. Use Pley's Game User ID in its place on the web.

private void AuthenticateWithGameBackend()
{
	// Your backend's server
  MyBackend.GetGameProgress(GameSpecificSessionInfo);
}
Starts with Game Client requesting a Session Token, and ends with Game Backend authenticating the player.

Starts with Game Client requesting a Session Token, and ends with Game Backend authenticating the player.

πŸ“˜

The Game ID is included within the response JSON so you can identify a specific game. This can be useful if you have multiple games hooked to the same backend service and need verification. You can find the Game ID under settings in the Game Manager at manage.pley.com

🚧

Session Token ID Expires

As mentioned above, Session Tokens expire after a while automatically (every 30 minutes). We recommend you request the Session Token when you're doing any verifications just in case.


Games with basic server-sides

Not all games have servers that can do HTTP cURL requests or authenticate a client. For games with only a database and some server functions, the game logic is very local.

For locally operated games, Pley provides a simple way of determining which user is playing the game. However, this method is much less secure and is not recommended.

1) Call Pley.DangerouslyGetGameUserID();, receiving a Pley Game User ID in return.
2) Use the Pley Game User ID to authenticate the user as a custom_id or device_id
3) Start the game with the correct progress.

Read how to enable this method, and how to use it in this article:

Article: How to enable and use the dangerous SDK methods for local games


❗️

(Depricated) SDK Game User ID

Applicable for Pley SDK 5.7.1 and earlier.

Before SDK 5.8.0, the Game User ID is available from within the SDK. However, the method call isn't meant to be used for verification as the resulting Game User ID can be easily tampered with. The purpose of this method call is to help in error reporting for example.

Updated 11 days ago

What’s Next