Authentication Service¶
The AGI's REST-based Authentication Service provides two primary functions. First, it allows game studios who host their own content with Armor Games to securely access Armor Games user data. Secondly, it provides the ability for game studios to validate the authenticity of a given user. Validating every game request with the Authentication Service is key in accessing the latest user data and ensuring the validity of the user.
Authentication Flow (iframe)¶
- User loads the play page from armorgames.com web server.
- An embedded iframe on the play page makes a request to the game studios web servers to load game content. The iframe request includes two GET parameters:
user_id
- The current user's ID.auth_token
- A temporary authentication token that will be used to access user data.
- The game studio's web server makes a secure request to Armor Games services to retrieve user data. This request includes 3 GET parameters:
user_id
- The user ID received from the iframe request.auth_token
- The authentication token received from the iframe request.api_key
- The API key that corresponds to the current game.
- If all parameters are valid and the authentication token has not expired, the Armor Games service returns user data in JSON or XML format.
Iframe Request Structure¶
External games are loaded via an iframe within the armorgames.com site. The URI loaded is specified by the Game Studio prior to game launch. If a user is logged in then the following query string parameters will be added to the Game Studios' URI request.
Name | Description |
---|---|
user_id | 32 hexadecimal digits (md5) The unique and consistent ID of the current user |
auth_token | 32 hexadecimal digits (md5) A temporary authentication token that can be used to access the user's data |
URI¶
GET https://services.armorgames.com/services/rest/v1/authenticate/user.json
Parameters¶
Requests to the Authentication service require the following parameters.
Name | Description |
---|---|
user_id | 32 hexadecimal digits (md5) The unique and consistent ID of the current user. |
auth_token | 32 hexadecimal digits (md5) A temporary authentication token that can be used to access the user's data. |
api_key | 32 hexadecimal digits (UUID) An access key is unique to each game. |
Response¶
The following is the response to a successful request to the Authentication Service.
{
"version": 1,
"code": 200,
"message": "OK",
"payload": {
"uid": "79054025255fb1a26e4bc422aef54eb4",
"username": "JohnDoe"
}
}
The following is a response for a token that is invalid or expired. Notice that the payload value is null
. This is the keyto determining if the user is authenticated. The message property will give a hint as to the current condition.
{
"version": 1,
"code": 200,
"message": "Either the user is not logged in or the authentication token has expired",
"payload": null
}
Authentication Testing¶
Developers can test their API key and server code prior to game launch.
- Login to the Armor Games website.
- While logged in, visit the Token Generation Service:
https://armorgames.com/service/user-auth-token-generator/{{ game_id }}
- Replace the
{{ game_id }}
token in the URL path with your Armor Games Game ID (Don't know it? Contact [developers@armorgames.com] and we'll help you out!). You will see a response that is structured like the following:
{
"status": true,
"game_id": "123",
"uid": "e563ebd827f5ceb25000df75cb81748d",
"token": "6c1779b5dec8048c334dea46b1bc2de4",
"created_on": 1337817765,
"expires_on": 1337818065,
"duration": 0.032696008682251
}
- Copy the value from the
uid
property and use that for theuser_id
parameters. Use the value of thetoken
property as theauth_token
parameter. With these two values and your API key, you can now make a service call and fetch your own user data. Note that authentication tokens only last for a short time. However, you can always request another via the Token Generator Service.