This page is a work in progress and could be pending updates.
server | v5 switch to v4  

Photon Steam Authentication

Contents

Application Setup

  • Open "deploy\NameServer\bin\Photon.NameServer.dll.config".
  • Make sure AuthSettings are enabled, Enabled needs to be true.
  • Optionally set ClientAuthenticationAllowAnonymous to true or false depending on your needs. We recommend setting it to false.
  • Set AuthenticationType to "1" which is the code for Steam authentication provider type.
  • Choose any name you want, we used "Steam" for this example but you can change it.
  • Leave "AuthUrl" empty as it's required but we don't need it as the authentication endpoint is internal.
  • Find below the list of the other Steam specific mandatroy settings with their description:
  <AuthSettings Enabled="true" ClientAuthenticationAllowAnonymous="false">
    <AuthProviders>
      <AuthProvider Name="Steam"
                    AuthenticationType="1"
                    AuthUrl=""
                    apiKeySecret="Val1"
                    appid="Val2"
                    verifyOwnership="true"
                    verifyVacBan="true"
                    verifyPubBan="true" />
    </AuthProviders>
  </AuthSettings>
  • apiKeySecret: Steam Publisher Web API key. Read more about how to get one here.
  • appid: ID of the Steam game. You can get one after going through Steam Direct process (formerly known as Steam Greenlight).
  • verifyOwnership: Can be true or false: Whether or not to enable Ownership Verification during authentication. This allows you to verify if the user really owns (purchased the game and has it in his library) the game. This step, if enabled, will be performed just after validating the user's session ticket. Enabling this may add extra delay in authentication, so enable it only if you really need it.
  • verifyVacBan: Can be true or false: Whether or not to check if the user has been banned using Valve's Anti-Cheat (VAC) during authentication. Read more here. Enabling this may add extra delay in authentication, so enable it only if you really need it.
  • verifyPubBan: Can be true or false: Whether or not to check if the user has been banned using a Publisher Ban during authentication. Read more here. Enabling this may add extra delay in authentication, so enable it only if you really need it.

Back To Top

Client Code

The client must use Valve's Steamworks API to get a session ticket. This ticket is proof that the client is a valid Steam user.

Back To Top

Get Ticket

Use the following code to get a session ticket using the Steamworks API and convert it to a hex encoded UTF-8 string:

// hAuthTicket should be saved so you can use it to cancel the ticket as soon as you are done with it
public string GetSteamAuthTicket(out HAuthTicket hAuthTicket)
{
    byte[] ticketByteArray = new byte[1024];
    uint ticketSize;
    hAuthTicket = SteamUser.GetAuthSessionTicket(ticketByteArray, ticketByteArray.Length, out ticketSize);
    System.Array.Resize(ref ticketByteArray, (int)ticketSize);
    StringBuilder sb = new StringBuilder();
    for(int i=0; i < ticketSize; i++)
    {
        sb.AppendFormat("{0:x2}", ticketByteArray[i]);
    }
    return sb.ToString();
}

Back To Top

Send Ticket

The client must send the user's session ticket (after converting it to a hex encoded UTF-8 string) as a value of a query string key "ticket".

Back To Top

Cancel Ticket

It is recommended to cancel or revoke the ticket once authentication is done.

To Document Top