Steam Authentication

Hi,
I was looking into integrating steam authentication into the photon server, I understand that I need to create my own endpoint for it, but isn't the endpoint is somewhere on steam?

I followed the ticket option, but its not giving me the option to see if the user owns the game, just if the ticket is valid
Can someone clarify this for me a bit?
Thanks!

Comments

  • JohnTube
    JohnTube ✭✭✭✭✭
    Hi @Pickle,

    Thank you for choosing Photon!

    From Steamworks web API docs:
    Ownership Verification
    Once a user's identity has been verified, a secure server can use the ISteamUser/CheckAppOwnership Web API method to check if the user owns a particular AppID, or call ISteamUser/GetPublisherAppOwnership to retrieve a list of all user owned AppIDs that are associated with the provided Publisher Key.
  • So I should do it at the endpoint?
    have the page wait for the second call and then return the answer?
    OK, I hoped there is a better way to do it.

  • JohnTube
    JohnTube ✭✭✭✭✭
    edited March 2019
    So I should do it at the endpoint?
    have the page wait for the second call and then return the answer?
    Yes if you want/need to combine auth and ownership verification.

  • Our built in Steam authentication provider has the options to verify Ownership, VacBan, PubBan. You need to set the according values to true/false during configuration.

    If this is not what you meant, please try to clarify.
  • Nevermind, just seeing you talk about Photon Server :)
    You need to do it yourself then.
  • Markus wrote: »
    Our built in Steam authentication provider has the options to verify Ownership, VacBan, PubBan. You need to set the according values to true/false during configuration.

    If this is not what you meant, please try to clarify.

    Im confused about the Steamworks.NET + Photon's Built in Authenticator.

    Is the "Built-In Steam Authenticator" used in place of the "GetSteamAuthTicket(out HAuthTicket hAuthTicket)" sample code toward the bottom of the documentation? Or do we also need to put the sample code in the project somewhere?

    Thanks in advance!
  • JohnTube
    JohnTube ✭✭✭✭✭
    Hi @prefixwiz,

    Thank you for choosing Photon!
    Or do we also need to put the sample code in the project somewhere?
    Yes you need that sample to get the steam auth ticket and use it with Photon's built-in Steam Authentication provider.
  • Hello @JohnTube ,

    I do commend photon for their ease of use and documentation, but unless i see it all together in one script, I have a hard time putting it all together for interpretation.
    Yes you need that sample to get the steam auth ticket and use it with Photon's built-in Steam Authentication provider.

    I have trouble wrapping my head around code (until I completely understand it, i question it to death!). :smiley:

    To get a better understanding... where does the following code need to be placed within our project?
    Does it sit at class scope as a variable / struct, does it live in a specific function? Start(), OnJoinedLobby(); etc..
    // hAuthTicket should be saved so you can use it to cancel the ticket as soon as you are done with it
    public string GetSteamAuthTicket(out HAuthTicket hAuthTicket)
    {
        byte[] ticketByteArray = new byte[1024];
        uint ticketSize;
        hAuthTicket = SteamUser.GetAuthSessionTicket(ticketByteArray, ticketByteArray.Length, out ticketSize);
        System.Array.Resize(ref ticketByteArray, (int)ticketSize);
        StringBuilder sb = new StringBuilder();
        for(int i=0; i < ticketSize; i++)
        {
            sb.AppendFormat("{0:x2}", ticketByteArray[i]);
        }
        return sb.ToString();
    }
    

    After getting the above information and putting it in its proper location, when and where do we use the following code?
    PhotonNetwork.AuthValues = new AuthenticationValues();
    PhotonNetwork.AuthValues.UserId = SteamUser.GetSteamID().ToString();
    PhotonNetwork.AuthValues.AuthType = CustomAuthenticationType.Steam;
    PhotonNetwork.AuthValues.AddAuthParameter("ticket", SteamAuthSessionTicket);
    // do not set AuthValues.Token or authentication will fail
    // connect
    

    Finally, do we do the above on the client every time we join a room or lobby, or only one time at the initial connection of photon? Then, when they client connects to photon we do the following?
    private void OnConnected()
    {
        SteamUser.CancelAuthTicket(hAuthTicket);
    }
    

    Thank you for your time! Im obviously super confused due to my own technical (im not very technical :smile: ) knowledge of coding.



  • I actually think I answered my own question: But to make sure im on the right track, if you dont mind answer those questions.. I think it will help reinforce my process. In addition. After I "authenticate" user before connection to photon, and then cancel authentication when we connect to photon, I can simply continue to develop as if steam was not a factor?

    I guess I simply dont understand why the Authentication is needed? Im able to grab the players name w/out authentication. Where does authentication come into play? Thanks!
  • JohnTube
    JohnTube ✭✭✭✭✭
    edited February 2021
    where does the following code need to be placed within our project?
    Does it sit at class scope as a variable / struct, does it live in a specific function? Start(), OnJoinedLobby(); etc..
    It should not be called inside OnJoinedLobby as that would be too late.
    It should be added anywhere in your code and it should be called before connecting to Photon and after connecting to Steam.
    After getting the above information and putting it in its proper location, when and where do we use the following code?
    See below.
    Finally, do we do the above on the client every time we join a room or lobby, or only one time at the initial connection of photon? Then, when they client connects to photon we do the following?
    One time only per auth ticket, once you no longer need it. See below.

    This snippet is not complete nor tested.
    It's lacking the code of how to connect or sign in to Steam.
    using Photon.Pun;
    using Photon.Realtime;
    // add missing usings for Steam etc.
    
    public class MinimalSteamAuth : MonoBehaviourPunCallbacks
    {
        private HAuthTicket hAuthTicket;
    
            // call this once connected or signed in to Steam
    	public void ConnectToPhoton()
    	{
    	    string SteamAuthSessionTicket = GetSteamAuthTicket(out hAuthTicket);
    		PhotonNetwork.AuthValues = new AuthenticationValues();
    		PhotonNetwork.AuthValues.UserId = SteamUser.GetSteamID().ToString();
    		PhotonNetwork.AuthValues.AuthType = CustomAuthenticationType.Steam;
    		PhotonNetwork.AuthValues.AddAuthParameter("ticket", SteamAuthSessionTicket);
    		PhotonNetwork.ConnectUsingSettings();
    	}
    	
    	// hAuthTicket should be saved so you can use it to cancel the ticket as soon as you are done with it
    	public string GetSteamAuthTicket(out HAuthTicket hAuthTicket)
    	{
    		byte[] ticketByteArray = new byte[1024];
    		uint ticketSize;
    		hAuthTicket = SteamUser.GetAuthSessionTicket(ticketByteArray, ticketByteArray.Length, out ticketSize);
    		System.Array.Resize(ref ticketByteArray, (int)ticketSize);
    		StringBuilder sb = new StringBuilder();
    		for(int i=0; i < ticketSize; i++)
    		{
    			sb.AppendFormat("{0:x2}", ticketByteArray[i]);
    		}
    		return sb.ToString();
    	}
    	
    	public override void OnConnectedToMaster()
    	{
    		SteamUser.CancelAuthTicket(hAuthTicket);
    	}
    }
    
    In addition. After I "authenticate" user before connection to photon, and then cancel authentication when we connect to photon, I can simply continue to develop as if steam was not a factor?
    Cancelling auth ticket means you can't reuse it one more time.
    This is an extra security measure to prevent tokens misuse.
    This does not mean that you cancelled authentication itself nor signed out nor disconnected.
    I guess I simply dont understand why the Authentication is needed? Im able to grab the players name w/out authentication. Where does authentication come into play?

    Of course you can use both services Photon and Steam in parallel without Steam authentication in Photon.
    The advantages of using Steam authentication with Photon:
    - set Photon UserID to match Steam UserID, this helps in doing matchmaking, finding friends, getting their status, etc.
    - the actual authentication itself: you verify identity of players and make sure each player has a unique UserID that persists across sessions.
    - make use of extra Steam authentication features like verifying ownership, ban, etc.
  • prefixwiz
    prefixwiz
    edited February 2021
    @JohnTube
    Absolutely AMAZING answer. Thank you so much for your time. That clarified all of my questions, concerns and more!!!!