I'm currently setting up some logic for Player Customizations and at one point I let the Server ask GameSparks about the current selection of a Player.
Now the Players have the "device" credentials and I wanted to let the Server be able to perform Requests without login in.
I used the "server" credentials and even my own "DediServer" credentials which I tried to make similar to "server" and also "device".
I also created a "Server" user, just to make sure. I don't know if GameSparks needs Servers to have an account though as multiple Server will authenticate with the same login then.
Now no matter what I do, as soon as I use my own Credentials (even when I login with the Server player) all my requests respond with "NOTAUTHORIZED". In the TestHarness and in UE4.
And I can see my PlayerID and Auth Token just fine, still it doesn't let me perform any calls.
The credentials page says something about "Server" would allow me to pass a PlayerID and the call is handled like that player calls it. I assume I could then use the Player I call the event for and remove passing the PlayerID as ScriptData.
But I can't see where I would actually pass the PlayerID so that the call uses it internally.
Would be nice if someone could shed some light here.
I advise that you use Device Authentication Request for your servers. The only requirement for this authentication is a unique string for 'device ID' and another for 'device OS'.
This would be very fitting for the servers to authenticate and able to invoke calls for themselves and other players via cloud code.
I've used your game's DediServer credential with a Device Auth and I am able to make calls without having the "NOTAUTHORIZED" error. Can you see if that works for you?
If that works, do you still need info on calling requests on behalf of players?
yeah this seems to work in the TestHarness. Will have to check the actual Server too.
I assume the "deviceOS" doesn't need to be unique, does it?
For the "deviceID" I would simply use the IP:Port combination of the Server, as we start multiple ones.
I wonder though, isn't it unsafe to have something like "DeviceAuthentification" allowed for users?
I went ahead and deactivated it for the "device" credentials, as they should always log in with Username and Password.
And no, I probably don't need requests on behalf of players. I only need the Server to call the custom log events. He's passing the PlayerID as an argument anyway.
Thanks for the fast help!
Well nevermind, I just tried it again in the TestHarness, nothing changed and it says "NOTAUTHORIZED" again.
Using the same Credentials and using the DeviceAuth with new and old data.
Also noticed that this creates a new Player into the NoSQL database for every new combination.
Will these vanish over time? Because otherwise I would spam the database with every server that authenticates.
Changed DediServer to "Player" and "Listener". That now seems to work again.
But having a new Player per Device Auth is kinda bad. At least if they persist.
For your device auth spam, you can use Spark.getPlayer().removePlayer() on the disconnect script under Cloud Code -> system -> Player Disconnected. You can also use Spark.loadPlayer().removePlayer() in any other script you find fitting.
getPlayer() would be to affect the player currently authenticated.
loadPlayer(playerID) would affect the player with the ID passed in.
You can use Spark.getPlayer().isOnline() to make sure you're not removing a player/server that is currently active.
Hope that helps,