Idem directly integrates with Steam for player authorization in player-based architectures. This allows Idem to check if clients submitting players to the matchmaking queue should be permitted to do so.
Setup
There are two parts to setting up player authorization via Steam.
- Implementation on the game client side
- Configuration on the Idem side
We recommend implementing the game client side first and configuring Idem afterwards. Because none of the client-side steps affect whether connections are accepted while Steam authorization is not yet configured in Idem, you can safely update the clients and then turn on the Idem side when you are ready.
Game client implementation
Opening the websocket
For authorization via Steam, the request to open the websocket connection from your game client must include an authorization parameter using the following format:
SteamAuthTicket <steam_auth_ticket_for_the_user>
This replaces the default value Demo described in the Setting up player based article. You can learn more about how to obtain an auth ticket, including setting the pchIdentity, in the Steam documentation for this flow. The pchIdentity parameter will become relevant for the Idem configuration.
Additionally, you must use the player's Steam ID as the playerId you use to open the websocket.
Overall, this leads to the following URL and parameters for the WebSocket:
URL = WEBSOCKET_API_URL/?playerId=PLAYER_ID&code=JOIN_CODE&authorization=AUTHORIZATION
- WEBSOCKET_API_URL: The base URL for websocket connections, e.g. wss://ws.sandbox-1.idem.gg (see websocket for more info)
- PLAYER_ID: Steam ID of the player signed in to Steam on the client
- JOIN_CODE: Idem join code for the game mode (see Setting up player based)
- AUTHORIZATION: SteamAuthTicket <Player's AuthTicketForWebApi> (Note the whitespace in the middle)
addPlayer requests
In order to avoid spoofing attacks where a user opens a WebSocket with one account but tries to play with another, you must also use the player's Steam ID as the playerId for addPlayer submissions after the websocket is successfully opened. This allows us to check that the authenticated, and thereby from our perspective authorized, player is the player being submitted to the matchmaking queue from the websocket client.
Idem configuration
To be able to validate the auth ticket and obtain the related Steam ID using the Steam Web API, a publisher API key for your game needs to be configured within Idem.
You can find more information about creating a publisher API key in the Steam documentation.
Additionally, the pchIdentity you are using to create the auth tickets needs to be configured within Idem, as it is needed as an additional parameter to validate the auth ticket using the Steam Web API. This parameter can also be left blank, but we strongly recommend using it for added security.
To configure these parameters and turn on Steam authorization, please reach out to match@idem.gg. The ability to do so yourself will be added to the Idem console for self-service soon.
Steam specifies a rate limit of 100,000 requests per day for their Web API. If you expect to exceed this limit with your game, we recommend you request an increase of the limit at Steam or reach out to match@idem.gg so we can set up an alternative approach for you.
Behavior
Once player authorization via Steam is configured, Idem will validate the auth token whenever a client tries to open a new websocket connection. The connection will be rejected with a 403 error if the auth token cannot be validated through the Steam Web API or if no SteamAuthTicket was provided in the authorization parameter at all.
If the validation is successful, Idem will accept the websocket connection request. After that, Idem will check for each addPlayer request that the player_id submitted is equivalent to the steam_id retrieved via the auth token. If this is not the case, Idem will reject the addPlayer request.
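The client URL and the two checks described above, modelled as an added example (not Idem's code). The function names, the 101 "accepted" status, the join code, the ticket and the Steam IDs are assumptions made up for illustration, and validate_ticket is a stand-in for the Steam Web API lookup.

```python
from urllib.parse import parse_qs, quote, urlencode, urlsplit

SCHEME = "SteamAuthTicket"
# Constructed sample data: a fake ticket mapped to a fake Steam ID.
TICKETS = {"14000000a1b2c3": "76561198000000001"}

def build_ws_url(base_url, steam_id, join_code, ticket_hex):
    """Client side: playerId is the Steam ID, authorization carries the ticket."""
    query = urlencode(
        {"playerId": steam_id, "code": join_code,
         "authorization": f"{SCHEME} {ticket_hex}"},
        quote_via=quote,  # encode the space in the middle as %20
    )
    return f"{base_url}/?{query}"

def open_connection(url, validate_ticket):
    """Connect-time check. validate_ticket is a stand-in for the Steam Web API
    lookup: it returns the ticket's Steam ID, or None if validation fails.
    Returns (status, steam_id); 101 means accepted in this model."""
    params = parse_qs(urlsplit(url).query)
    scheme, _, ticket = params.get("authorization", [""])[0].partition(" ")
    if scheme != SCHEME or not ticket:
        return 403, None  # no SteamAuthTicket provided (e.g. still "Demo")
    steam_id = validate_ticket(ticket)
    if steam_id is None:
        return 403, None  # ticket could not be validated
    return 101, steam_id

def add_player_allowed(bound_steam_id, player_id):
    """Per-request check: the submitted player must be the authenticated one."""
    return bound_steam_id is not None and player_id == bound_steam_id

if __name__ == "__main__":
    url = build_ws_url("wss://ws.sandbox-1.idem.gg", "76561198000000001",
                       "JOIN123", "14000000a1b2c3")
    status, bound = open_connection(url, TICKETS.get)
    print(url, status)
    print("own id:", add_player_allowed(bound, "76561198000000001"))
    print("other id:", add_player_allowed(bound, "76561198000000002"))
```

The Steam ID used for addPlayer is compared against the one bound to the connection at validation time, never against the playerId the client put in the URL.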