Implementing Authentication

AuthKit is Pley's tool to identify, verify, and authenticate users on the Pley platform who is trying to play your games. It integrates with your back-end and provides access to Pley's backend to verify any logged-in users on the platform.

This article is just the how-to to implement Pley Authentication into your game.
Read more about Pley Authentication here.

1) Fetch the Pley Session Token. Send the Session Token to your game server.
2) Game backend verifies the Session Token with the Pley server through an HTTP request (reference).
3) Pley returns the game_user_id to the game server. The user is now verified.
4) Game backend uses game_user_id to generate it's own session/token and send it to the game client.
5) Game client authenticates user actions same as what it's already doing on mobile.

Note that Session Tokens expire after 30 minutes on Pley. If you are doing any critical functions, it is recommended to fetch a new Session Token and verify it.

(1) Fetching Pley Session Token in Game Client

📘

API References

You can find the methods called in the references for Unity SDK AuthKit and for the C SDK AuthKit.

When the game starts (after the Pley SDK has been initialized), request a session token from the Pley SDK. This token should then be verified by the game server.

// Remember to initialize the SDK first. 

// Request a session token ID from the SDK:
private string GetPleySessionToken()
{
	return Pley.AuthKit.GetSessionToken();
}

// Now that we have the session token ID, we send it over to your backend so the backend can send a request to Pley's server.
private void SendTokenToBackend()
{
	// Your backend's server send request
  MyBackend.AuthenticateUsingPley(GetPleySessionToken());
}

(2) - (4) Verify Session token and get Pley Game User

The game client has a session token and needs a Pley game_user_id. After creating the server function/endpoint above, the server must verify the Session Token to recieve a Game User ID from Pley.

To do that, simply create an HTTP request using cURL, from your backend:

curl -X POST \
  https://api.pley.com/v2/auth-kit/verify-session-token \
  -H 'Authorization: Bearer your-api-token' \
  -H 'Content-Type: application/json' \
  -d '{
    "session_token": "users-session-token"
  }'

Your backend will receive a JSON response. This response includes the Pley game_user_id which the game client should use to authenticate with the backend (as an existing user, or create a new user).

{
  "data": {
    "game_user": {
      "game_user_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
      "username": "Tornado92"
    },
    "game_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  }
}

You can check the status code for this response. As customary, we use 200 for a valid response (i.e. verified Session Token) and a 400 as a bad request (i.e. corrupt Session Token).

Use the game_user_id to generate game specific session/token and send it to game client.

(5) Get User Game Progress

Finally, use the token/session you generated to authenticate the user and fetch progress. This implementation is unique to your game, and should use the same method as on iOS or Android.

private void AuthenticateWithGameBackend()
{
	// Your backend's server send request
  MyBackend.GetGameProgress(GameSpecificSessionInfo);
}

📘

The Game ID is included within the response JSON so you can identify a specific game. This can be useful if you have multiple games hooked to the same backend service and need verification. You can find the Game ID under settings in the Game Manager at manage.pley.com

🚧

Session Token ID Expires

As mentioned above, Session Tokens expire after a while automatically (every 30 minutes). We recommend you request the Session Token when you're doing any verifications just in case.

❗️

SDK Game User ID

The Game User ID is available from within the SDK. However, the method call isn't meant to be used for verification as the resulting Game User ID can be easily tampered with. The purpose of this method call is to help in error reporting for example.