Authentication #
With Pragma Engine you can use your own identity provider to authenticate your players and operators. Authenticated players and operators can then use your game client to make requests to Pragma Engine.
After a player logs in to your identity provider the identity provider passes a session token to the Pragma Engine. The engine then exchanges the provider token for a Pragma session token. For more information about sessions, see Login and Session.
To try out setting up authentication, see the Unreal and Unity authentication tutorials.
Player and Operator Authentication #
Pragma Engine supports multiple identity providers for player and operator authentication. Below are the available identity providers and their respective values. For more information, see Identity Providers.
Identity Provider | Identity Provider Values |
---|---|
UNSAFE | 1 |
EPIC | 2 |
DISCORD | 3 |
STEAM | 4 |
5 | |
6 | |
PLAYSTATION | 7 |
TWITCH | 8 |
XBOX | 9 |
OKTA | 10 |
AUTH0 | 11 |
GOOGLEWORKSPACE | 12 |
To add additional identity providers, see Custom Identity Providers.
You can use either the identity provider name or identity provider value on authenticateorcreatev2
for the providerId
.
The following examples show the required authenticateorcreatev2
request body. If you don’t use the Pragma SDK to authenticate your users, see Authenticate using RPC.
Authenticate with RPC #
When authenticating with Pragma, we recommend you use the Pragma SDK. The Pragma SDK completes all the following steps for you and reduces the possibility for errors. For more information about authentication using the Pragma SDK, see Pragma Engine SDK Setup Guides.
To manually create an authentication workflow for your client, use the following steps.
- Make a call to the
getinqueue
endpoint. The endpoint returns a JSON object with an encryptedloginQueuePassToken
.- Check the
isAllowed
field in the JSON object. - If the
isAllowed
field isfalse
continue to poll using thecheckTicket
endpoint until the JSON object returns withisAllowed
set totrue
.
- Check the
- When the
isAllowed
field is set totrue
, make a call to theauthenticateorcreatev2
endpoint with theloginQueuePassToken
included in theauthenticateorcreatev2
request body.
If you enable the devLoginQueueBypass
configuration, skip the above steps. The authenticateorcreatev2
body won’t have the
loginQueuePassToken
. For more information, see Login queue testing and development.
Generate Partner tokens #
Once you have successfully authenticated into Pragma Engine as an Operator, you can generate trusted Partner tokens.
Use Portal #
Partner tokens can be generated for both production and test environments using Portal.
- Access the Game Portal by opening the
10200
port for your game and log in. Use thePragma Unsafe
login for test environments, and one of the verified identity provider logins for production environments. - Open the Services section, and select the Game Server Management page.
- Use the Select a Game Shard dropdown to select the game shard to associate it with the generated Partner token.
- On the Partner Tokens tab, click + Create Tokens to generate Partner tokens for both Game and Social.
Use Postman #
Partner tokens can only be generated for test environments using Postman, because the authentication step uses the Unsafe Provider.
- Send
authenticateorcreatev2
as an Operator. - Send
createpartnertokenV1
with the correctgameShardId
to receive a payload with Partner tokens for both Game and Social.
Game tokens are valid per game shard, and social tokens are valid across the entire Social gateway.