Idem directly integrates with Discord for player authorization in player-based architectures. This allows to verify that clients are submitting the correct player to matchmaking.
Setup
There are two parts to setting up player authorization via Discord.
- Implementation on the game client side
- Configuration on the Idem side
We recommend to first implement the game client side and then configure Idem afterwards. As none of the client side steps will impact the acceptance of connections while the Discord authorization is not yet configured in Idem, this allows you to safely update the clients and then turn on the Idem side when you are ready.
Game client implementation
Opening the websocket
For authorization via Discord, the request to open the websocket connection from your game client must include an authorization parameter using the following format:
DiscordAccessToken <discord_access_token_for_the_user>
This replaces the default value Demo described in the Setting up player based article. You can learn more about how to obtain an access token in the Discord documentation.
Additionally, you must use players' Discord ID for the playerId you use to open the websocket.
Overall, this leads to the following URL and parameters for the WebSocket:
URL = WEBSOCKET_API_URL/?playerId=PLAYER_ID&code=JOIN_CODE&authorization=AUTHORIZATIONWEBSOCKET_API_URL: The base URL for websocket connections, e.g.wss://ws.sandbox-1.idem.gg(see websocket for more info)PLAYER_ID: Discord User ID of the player signed in to Discord on the clientJOIN_CODE: Idem join code for the game mode (see Setting up player based)AUTHORIZATION:DiscordAccessToken <Discord Access Token>(Note the whitespace in the middle)
addPlayer requests
In order to avoid spoofing attacks where a user opens a WebSocket with on account but is trying to play with another, you also must use players' Discord ID as the playerId for addPlayer submissions after the websocket is successfully opened. This allows us to check if the authenticated and thereby from our perspective authorized player is the player to be submitted to the matchmaking queue from the websocket client.
Idem configuration
To validate the Discord access token and obtain the related Discord ID, Idem uses Discord’s APIs. The integration has to be enabled once for your account.
To have this enabled, please reach out to match@idem.gg. The ability to do so yourself will be added to the Idem console for self-service soon.
Behavior
Once player authorization via Discord is configured, Idem will validate the access token whenever a client tries to open up a new websocket connection. The connection will be rejected with a 403 error if the access token cannot be validated through the Discord API or no DiscordAccessToken was provided in the authorization parameter at all.
If the validation is successful, Idem will accept the websocket connection request. After that, Idem will check for each addPlayer request that the player_id submitted is equivalent to the Discord ID retrieved via the access token. If this is not the case, Idem will reject the addPlayer request.