server | v5 switch to v4  

Photon Steam Authentication

Contents

Server Configuration

  • Open "deploy\NameServer\bin\NameServer.xml.config".
  • Make sure CustomAuth is enabled, Enabled needs to be true.
  • Optionally set AllowAnonymous to true or false depending on your needs. We recommend setting it to false.
  • Set AuthenticationType to "1" which is the code for Steam authentication provider type.
  • Choose any name you want, we used "Steam" for this example but you can change it.
  • Leave "AuthUrl" empty as it's required but we don't need it as the authentication endpoint is internal.
  • Find below the list of the other Steam specific mandatroy settings with their description:
  <CustomAuth Enabled="true" AllowAnonymous="false">
    <AuthProviders>
      <AuthProvider Name="Steam"
                    AuthenticationType="1"
                    AuthUrl=""
                    apiKeySecret="Val1"
                    appid="Val2"
                    verifyOwnership="true"
                    verifyVacBan="true"
                    verifyPubBan="true" />
    </AuthProviders>
  </CustomAuth>
  • apiKeySecret: Steam Publisher Web API key. Do not confuse it with Steam User Key. Read more about how to get one here.
  • appid: ID of the Steam game. You can get one after going through Steam Direct process (formerly known as Steam Greenlight).
  • verifyOwnership: Can be true or false: Whether or not to enable Ownership Verification during authentication. This allows you to verify if the user really owns (purchased the game and has it in his library) the game. This step, if enabled, will be performed just after validating the user's session ticket. Enabling this may add extra delay in authentication, so enable it only if you really need it.
  • verifyVacBan: Can be true or false: Whether or not to check if the user has been banned using Valve's Anti-Cheat (VAC) during authentication. Read more here. Enabling this may add extra delay in authentication, so enable it only if you really need it.
  • verifyPubBan: Can be true or false: Whether or not to check if the user has been banned using a Publisher Ban during authentication. Read more here. Enabling this may add extra delay in authentication, so enable it only if you really need it.

Back To Top

Client Code (Unity)

The client must use Valve's Steamworks API to get a session ticket. This ticket is proof that the client is a valid Steam user.

Back To Top

Steamworks.NET

Steamworks.NET is a popular free and open source Steamworks API wrapper. Follow the instructions listed on this page to import a Unity version of Steamworks.NET.

Back To Top

Get Ticket

Use the following code to get a session ticket using the Steamworks API and convert it to a hex encoded UTF-8 string:

// hAuthTicket should be saved so you can use it to cancel the ticket as soon as you are done with it
public string GetSteamAuthTicket(out HAuthTicket hAuthTicket)
{
    byte[] ticketByteArray = new byte[1024];
    uint ticketSize;
    hAuthTicket = SteamUser.GetAuthSessionTicket(ticketByteArray, ticketByteArray.Length, out ticketSize);
    System.Array.Resize(ref ticketByteArray, (int)ticketSize);
    StringBuilder sb = new StringBuilder();
    for(int i=0; i < ticketSize; i++)
    {
        sb.AppendFormat("{0:x2}", ticketByteArray[i]);
    }
    return sb.ToString();
}

Back To Top

Send Ticket

The client must send the user's session ticket (after converting it to a hex encoded UTF-8 string) as a value of a query string key "ticket".

Back To Top

Cancel Ticket

It is recommended to cancel or revoke the ticket once authentication is done.

Back To Top

Facepunch.Steamworks

Facepunch.Steamworks is yet another alternative free and open source implementation of Steamworks API. Follow the instructions listed on this page to import Facepunch.Steamworks.

Back To Top

Get Ticket

Use the following code to get a session ticket and convert it to a hex encoded UTF-8 string:

// authTicket should be saved so you can use it to cancel the ticket as soon as you are done with it
public string GetSteamAuthTicket(out AuthTicket authTicket)
{
    authTicket = SteamUser.GetAuthSessionTicket();
    StringBuilder ticketString = new StringBuilder();
    for (int i = 0; i < authTicket.Data.Length; i++)
    {
        ticketString.AppendFormat("{0:x2}", authTicket.Data[i]);
    }
    return ticketString.ToString();
}

Back To Top

Send Ticket

The client must send the user's session ticket (after converting it to a hex encoded UTF-8 string) as a value of a query string key "ticket".

Back To Top

Cancel Ticket

It is recommended to cancel or revoke the ticket once authentication is done.


To Document Top