Implementing Authentication
A toolkit (in the Pley SDK) that helps you with authenticating and identifying users.
AuthKit is Pley's tool to identify, verify, and authenticate users on the Pley platform who is trying to play your games. It integrates with your back-end and provides access to Pley's backend to verify any logged-in users on the platform.
How does it work?This article is just the how-to to implement Pley Authentication into your game.
Read about Authentication for Game Developers here.Building your own web gaming destination? Read about Pley Authentication for Headless Destinations here.
1) Fetch the Pley Session Token
. Send the Session Token
to your game server.
2) Game backend verifies the Session Token
with the Pley server through an HTTP request (reference).
3) Pley returns the game_user_id
to the game server. The session is now trusted, and the user is verified.
4) Game backend uses game_user_id
to generate its own validated session for the game client.
5) Game client is now authenticated as the game_user
.
This implementation assumes that your backend server is able to authenticate a session server-side. If that is not supported by your server, see the section below on authenticating users without backend verification.
Note that Session Tokens
expire after 30 minutes on Pley. If you are doing any critical functions, it is recommended to fetch a new Session Token
and verify it.
(1) Fetching Pley Session Token in Game Client
API ReferencesYou can find the methods called in the references for Unity SDK AuthKit and for the C SDK AuthKit.
When the game starts (after the Pley SDK has been initialized), request a session token from the Pley SDK. This token should then be verified by the game server.
// Remember to initialize the SDK first.
// Request a session token ID from the SDK:
private string GetPleySessionToken()
{
return Pley.AuthKit.GetSessionToken();
}
// Now that we have the session token ID, we send it over to your backend so the backend can send a request to Pley's server.
private void SendTokenToBackend()
{
// Your backend's serverrequest
MyBackend.AuthenticateUsingPley(GetPleySessionToken());
}
(2) - (4) Verify Session token and get Pley Game User
The game client has a session token and needs a Pley game_user_id
. After creating the server function/endpoint above, the server must verify the Session Token to receive a Game User ID from Pley.
To do that, simply create an HTTP request using cURL, from your backend:
curl -X POST \
https://api.pley.com/v2/auth-kit/verify-session-token \
-H 'Authorization: Bearer your-api-token' \
-H 'Content-Type: application/json' \
-d '{
"session_token": "users-session-token"
}'
Your backend will receive a JSON response. This response includes the Pley game_user_id
. This ID should be saved to the games' database to a user, and be the user's progress (new or pre-existing) the user recieves.
{
"data": {
"game_user": {
"game_user_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"username": "Tornado92"
},
"game_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
}
You can check the status code for this response. As customary, we use 200
for a valid response (i.e. verified Session Token) and a 400
as a bad request (i.e. corrupt Session Token).
(5) Get User Game Progress
Finally, use the token/session you generated to authenticate the user and fetch progress. This implementation is unique to your game, and should use the same method as on iOS or Android. Often, games can authenticate using a "custom_id", often being the device ID
on mobile. Use Pley's Game User ID in its place on the web.
private void AuthenticateWithGameBackend()
{
// Your backend's server
MyBackend.GetGameProgress(GameSpecificSessionInfo);
}

Starts with Game Client requesting a Session Token, and ends with Game Backend authenticating the player.
The Game ID is included within the response JSON so you can identify a specific game. This can be useful if you have multiple games hooked to the same backend service and need verification. You can find the Game ID under settings in the Game Manager at manage.pley.com
Session Token ID ExpiresAs mentioned above, Session Tokens expire after a while automatically (every 30 minutes). We recommend you request the Session Token when you're doing any verifications just in case.
Games with basic server-sides
Not all games have servers that can do HTTP cURL requests or authenticate a client. For games with only a database and some server functions, the game logic is very local.
For locally operated games, Pley provides a simple way of determining which user is playing the game. However, this method is much less secure and is not recommended.
1) Call Pley.DangerouslyGetGameUserID();
, receiving a Pley Game User ID in return.
2) Use the Pley Game User ID to authenticate the user as a custom_id or device_id
3) Start the game with the correct progress.
Read how to enable this method, and how to use it in this article:
Article: How to enable and use the dangerous SDK methods for local games
(Depricated) SDK Game User IDApplicable for Pley SDK 5.7.1 and earlier.
Before SDK 5.8.0, the Game User ID is available from within the SDK. However, the method call isn't meant to be used for verification as the resulting Game User ID can be easily tampered with. The purpose of this method call is to help in error reporting for example.
Updated 11 days ago