Authorization between DedicatedServers, DataBase server, Steam and AdvancedSessions plugin.
I am making a game that will run on dedicated servers and will run with Steam Subsystem.
I don't have a problem creating a database and communicating with my own API. I use VaRest and Json to get/post to my ASP.NET Web API.
If a player opens the game for the first time, I need them to register a new account in my database, because I am planning to hold 'inventory'-like info on my servers. I am checking if BPUniqueNetId and AuthCode exist in the DataBase at the start of the game. If so, it downloads a simple Json and converts it to PlayerInfo on the PlayerController. If not, the player's screen gets a form to fill in with name, email, pass (BPUniqueNetId and AuthCode shown read-only for debug).
So far everything is working but getting an AuthCode from Steam.
Note: Actually I don't know how to get that AuthCode from Steam, or should I, or even can I? Because I don't want to store Email/Password on the player's computer. And I don't want to create an AuthCode on my server after registering a new account and return that generated AuthCode to the player's save file, because if the player deletes the game, the AuthCode can be lost. Getting that AuthCode later from the game's website and entering it when reinstalling the game is a thing, but seems unprofessional. I guess I need an AuthCode from Steam to automatically log in if the Steam account is already integrated into my DataBase.
A side app like RockstarGamesSocialClub is a thing that can be achieved, but I don't need things that complicated. Cuz time consuming.
I tried to use GetPlayerAuthToken from AdvancedSessions plugin. But it returns empty.
Real Question: Is there a way to get an AuthToken from Steam to my DataBase for a unique player only? So, whenever the player asks to get an AuthToken for the game, Steam returns an AuthCode that will never change and can't be accessed by anyone on the internet.
Is this possible? Or do I have to change my way of thinking?
In general, in such a case you need to have some kind of session ID from the online service, then send it to your server and verify it on the server, as the client should not be believed because it's not trustworthy. So read the documentation about how it is done in Steam. I never used AdvancedSessions, but it should provide everything you need for that.
Once you have done this process, you are sure of the identity of the client and you can treat it as a proper login. You need to associate the online service ID with the user in your database. If you verify the authenticity of the user's login to the online service, you can grant access to the account, as long as you trust the online service in that authenticity verification process.
This is common to all 3rd party service login authentication, not just Steam.
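The flow described in the answer above, as an added example that is not part of the original thread: the backend passes the client's session ticket to the Steam Web API method `ISteamUserAuth/AuthenticateUserTicket` and keys the account on the SteamID that Steam returns, never on an ID or code the client supplies. The `fetch` callable, the `accounts` dict, the API key and the sample replies are constructed stand-ins for the real HTTPS call and database.

```python
import json
from typing import Optional
from urllib.parse import urlencode

# Steam Web API method for validating a session ticket on the server side.
STEAM_AUTH_URL = "https://partner.steam-api.com/ISteamUserAuth/AuthenticateUserTicket/v1/"

def build_auth_url(ticket: bytes, app_id: int, api_key: str) -> str:
    """The ticket bytes received from the client are sent to Steam hex-encoded."""
    return STEAM_AUTH_URL + "?" + urlencode(
        {"key": api_key, "appid": app_id, "ticket": ticket.hex()})

def verified_steam_id(body: str) -> Optional[str]:
    """Return the SteamID64 that Steam vouches for, or None if the ticket was rejected."""
    try:
        params = json.loads(body)["response"]["params"]
    except (ValueError, KeyError, TypeError):
        return None                      # error object, malformed or empty reply
    if not isinstance(params, dict) or params.get("result") != "OK":
        return None
    steam_id = str(params.get("steamid", ""))
    return steam_id if steam_id.isdigit() else None

def login(ticket: bytes, fetch, accounts: dict, app_id: int, api_key: str):
    """fetch(url) -> response body (hypothetical hook for the backend's HTTPS GET).
    accounts maps SteamID64 -> stored player record (stand-in for the database)."""
    if not ticket:
        return ("rejected", None)        # an empty token proves nothing
    steam_id = verified_steam_id(fetch(build_auth_url(ticket, app_id, api_key)))
    if steam_id is None:
        return ("rejected", None)
    if steam_id in accounts:
        return ("ok", accounts[steam_id])
    return ("register", steam_id)        # first launch: create the account under this id

# Constructed sample replies in the shape the Web API returns.
OK_REPLY = json.dumps({"response": {"params": {
    "result": "OK", "steamid": "76561198000000001",
    "ownersteamid": "76561198000000001",
    "vacbanned": False, "publisherbanned": False}}})
BAD_REPLY = json.dumps({"response": {"error": {
    "errorcode": 101, "errordesc": "Invalid ticket"}}})

if __name__ == "__main__":
    db = {"76561198000000001": {"name": "constructed-player", "inventory": []}}
    print(login(b"\x14\x00\x00\x00", lambda url: OK_REPLY, db, 480, "PLACEHOLDER_KEY"))
    print(login(b"\x14\x00\x00\x00", lambda url: BAD_REPLY, db, 480, "PLACEHOLDER_KEY"))
```

The Web API key stays on the backend only; the game client sends nothing but the ticket, and the persistent database key is the verified SteamID rather than a stored secret.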