Skip to main content

User Login & Authentication

PlayServ assumes the client performs user authentication in an external system — your identity provider — and then passes the resulting UserToken into the SDK. PlayServ uses that token to upgrade the session privileges and bind the session to an existing user profile or create a new one.

info

Use this flow when:

  • the player has just completed authentication in your UI — username/password, provider sign-in, etc.
  • the app starts and you already have a previously stored UserToken
  • you need to re-authenticate because the token is no longer valid

Two entry points: Ready and Login

Ready(UserToken) at session start

If the user was authenticated earlier and the UserToken is already stored locally, pass it immediately when starting the session:

await PlayServ.Ready(UserToken);

This performs the same privilege upgrade as Login(UserToken), but happens at session start, so the authenticated state is reached sooner.

Login(UserToken) after user signs in

Use Login(UserToken) when the player authenticates during runtime — for example, after entering credentials in your login screen:

// External authentication...
// You received UserToken
var result = await PlayServ.Login(UserToken);

What happens if the token is no longer valid

If the player session ends or the stored token becomes invalid, the handshake may return an error on Ready(UserToken). In that case:

  • the player must authenticate again in the external system
  • then call Login(UserToken) with the newly issued token

Server-side validation: ValidateClient

To validate the authenticated client on the server, PlayServ performs an RPC call to ValidateClient, if it is declared in server code.

If ValidateClient returns false or rejects validation, the client will not receive the privilege upgrade and will be denied.

[Server]
public class ClientAuth
{
    // Client validation
    public bool ValidateClient(Session session)
    {
        return true;  // client passed validation
        return false; // client will be disconnected / denied
    }
}
warning

ValidateClient is the enforcement point for UserToken validity. Treat this method as your server-side gate for upgrading privileges.

How this relates to handshake and session

  • Ready(UserToken) affects the handshake path at session start.
  • Login(UserToken) is the same privilege upgrade, but initiated later during runtime.
  • Session state remains the primary indicator for the client's runtime readiness.

Next step

For related topics: