Authorization between DedicatedServers, DataBase server, Steam and AdvancedSessions plugin.

Development Platform & Builds
, , , , , ,
1

Hello everyone!

I am making a game that will run on dedicated servers and will run with Steam Subsystem.

I don’t have problem to create database and communicate to my own API. I use VaRest and to get/post to my ASP.NET Web API.

If a player opens the game first time, I need them to register my database with new account. Because I am planning to hold ‘inventory’ like info on my servers. I am checking if BPUniqueNetId and AuthCode exist on DataBase at start of game. If so, downloads a simple and converts to PlayerInfo on PlayerController. If not, player screen gets a form to fill with name, email, pass (BPUniqueNetId and AuthCode readonly shown for debug)

So far everything is working but getting an AuthCode from Steam.

Note:
Actually I don’t know how to get that AuthCode from Steam, or should I or even can I?
Because I don’t want to store Email/Password on player’s computer.
And I don’t want to create AuthCode after registering new account from my server and return that generated AuthCode to player’s save file. Because if player deletes the game, AuthCode can be lost. Getting that AuthCode later from the game’s website and enter when reinstall the game is a thing but seems unprofessional.
I need an AuthCode from Steam I guess to automatically login if Steam account already integrated to my DataBase.

A side app like RockstarGamesSocialClub is a thing can be achieved but I don’t need that much complicated things. Cuz time consuming.

I tried to use GetPlayerAuthToken from AdvancedSessions plugin. But it returns empty.

Real Question: Is there a way to get an AuthToken from Steam to my DataBase for a unique player only? So, Whenever player asks to get AuthToken for the game, Steam returns an AuthCode that will never changed anytime and can’t be accessed by anyone on internet.

Is this possible? Or I have to change the way of thinking.

Thanks.

2

In general in such case you need to have a some kind of session id from online service and then send it to you sever and verify it on the server, as client should not be beloved as it’s not trustworthy. so read documentation about it in steam how it is done, i never used AdvancedSessions but it should provide everything you need for that.

https://partner.steamgames.com/doc/features/auth

Once you did this process, you are sure of identity of the client and you can treat it as proper login, you need to associate online service id to the user in you database, if you verify authenticity of user login to online service, you can grant access to the account as long as you trust online service in that authenticity verification process.

This is common to all 3rd party service login authentication, not just steam.

3

Thanks for answer .

I assume that you are talking about joining official servers with authorization, right? Because Session Id has nothing to do with opening a game in single player.
Forgive me if I missunderstood.

Because I want players to Create new account in to my database at first time they install the game. And then everytime they download game from Steam, log them in automatically. (If I may able to take that Player/Game specific AuthCode)

GTA5 for example;

Player has to assign their SteamId to their RGSC account. And then login RockstarGames’ database with email/pass automatically. And then I believe, RGSC downloads SteamId/AuthCode from RG Database to local save file for later use on authorizing game access.
I may be wrong with this info, this is only my guess.

Note: I found something similar what I need in Steam Web API’s authorization. But I don’t know how can I use that in my game, for now.