Revision Difference
AuthTokens#551340
<cat>Code.Misc</cat>⤶
<title>Auth Tokens</title>⤶
⤶
# Auth Tokens⤶
⤶
If you are using <page>HTTP</page> requests or <page>Websockets</page> in your game, you can use Auth Tokens to validate that the requests were sent from a valid Steam user in a s&box game session. This is useful if you want to tie data to a specific Steam account, or prevent botting.⤶
⤶
# Generating Tokens⤶
⤶
You can generate a new token with `Sandbox.Services` like so:⤶
⤶
```csharp⤶
var token = await Sandbox.Services.Auth.GetToken( "YourServiceName" );⤶
```⤶
⤶
The token returned will be unique and will be valid for **2 minutes** only, so make sure that you use it in that time.⤶
⤶
# Validating Tokens⤶
⤶
To validate a token on your backend, you need to make a call to the `services.facepunch.com/sbox` API using the `auth/token` endpoint.⤶
⤶
Here is an example of how to validate a token in C# using `System.Net.Http`:⤶
⤶
```csharp⤶
private class ValidateAuthTokenResponse⤶
{⤶
public long SteamId { get; set; }⤶
public string Status { get; set; }⤶
}⤶
⤶
public static async Task<bool> ValidateToken( long steamId, string token )⤶
{⤶
var http = new System.Net.Http.HttpClient();⤶
var data = new Dictionary<string, object>⤶
{⤶
{ "steamid", steamId },⤶
{ "token", token }⤶
};⤶
var content = new StringContent( JsonSerializer.Serialize( data ), Encoding.UTF8, "application/json" );⤶
var result = await http.PostAsync( "https://services.facepunch.com/sbox/auth/token", content );⤶
⤶
if ( result.StatusCode != HttpStatusCode.OK ) return false;⤶
⤶
var response = await result.Content.ReadFromJsonAsync<ValidateAuthTokenResponse>();⤶
if ( response is null || response.Status != "ok" ) return false;⤶
⤶
return response.SteamId == steamId;⤶
}⤶
```⤶
⤶
At some point when receiving the token from the client on your backend you can then validate it as such:⤶
⤶
```csharp⤶
var isValidToken = await ValidateToken( steamId, token );⤶
⤶
if ( isValidToken )⤶
{⤶
Console.WriteLine( "Success!" );⤶
}⤶
```
Garry's Mod
Rust
Steamworks
Wiki Help
S&box