authentication.md

Authentication

Authentication APIs provide utilities to authenticate a Steam user's identity and verify ownership of an application.

Note: Authentication APIs are required an extra dynamic library. Please copy sdkencryptedappticket.dll/libsdkencryptedappticket.dylib/libsdkencryptedappticket.so from Steamworks SDK (<steam_sdk-path>/public/steam/lib/) to your application directory <greenworks>/lib.

var greenworks = require('./greenworks');

greenworks.init();

greenworks.getEncryptedAppTicket('test_content', function(ticket) {
  console.log("ticket: " + ticket.toString('hex'));
  // Specify the secret key.
  var key = new Buffer(32);
  // TODO: you must initialize Buffer key with the secret key of your game here,
  // e.g. key = new Buffer([0x0a, ..., 0x0b]).
  assert(key.length == greenworks.EncryptedAppTicketSymmetricKeyLength)
  var decrypted_app_ticket = greenworks.decryptAppTicket(ticket, key);
  if (decrypted_app_ticket) {
    console.log(greenworks.isTicketForApp(decrypted_app_ticket,
                greenworks.getAppId()));
    console.log(greenworks.getTicketAppId(decrypted_app_ticket));
    console.log(greenworks.getTicketSteamId(decrypted_app_ticket));
    console.log(greenworks.getTicketIssueTime(decrypted_app_ticket));
  }
}, function(err) { throw err; });

Methods

greenworks.getAuthSessionTicket(success_callback, [error_callback])

• success_callback Function(ticket)
  • ticket Object:
    • ticket Buffer: The ticket value.
    • handle Integer: The handle value returned from the ticket.
• error_callback Function(err)

Retrieve ticket to be sent to the entity who wishes to authenticate you.

The ticket buffer can be used like ticket.toString('hex') for the Web API ISteamUserAuth/AuthenticateUserTicket to securely obtain an authenticated Steam ID from your game server. The handle is needed to invalidate the ticket after if it has not been used.

Note that the tickets generated by this function become invalid once the process that creates them dies. If you are creating tickets in some temporary processes, make sure that these tickets stay alive until authentication is over!

greenworks.cancelAuthTicket(ticket_handle)

• ticket_handle Integer: The handle value returned from the ticket.

Invalidates a requested session ticket.

greenworks.getEncryptedAppTicket(user_data, success_callback, [error_callback])

• user_data String: Arbitrary data that will be encrypted into the ticket. This will be utf-8 encoded when stored in the ticket.
• success_callback Function(encrypted_ticket)
  • encrypted_ticket Buffer: The encrypted ticket.
• error_callback Function(err)

Encrypted tickets can be used to obtain authenticated Steam IDs from clients without requiring network requests to Steam's API servers. These tickets can be decrypted using your Encrypted App Ticket Key. Once decrypted, the user's Steam ID, App ID, and VAC ban status can be read from the ticket using the Steamworks Encrypted App Ticket library provided in the SDK.

greenworks.decryptAppTicket(encrypted_ticket, decryption_key)

• encrypted_ticket Buffer: The encrypted ticket.
• decryption_key Buffer: The secret key for decryption. The length of the key should be greenworks.EncryptedAppTicketSymmetricKeyLength.

Decrypt the encrypted app ticket with your decryption key. Returns a Buffer represents the decrypted ticket if succeeds; otherwise returns a Null.

greenworks.isTicketForApp(decrypted_ticket, app_id)

• decrypted_ticket Buffer: The decrypted ticket.
• app_id Integer: The id for the app.

Returns a Boolean indicates whether the decrypted ticket is for the app.

greenworks.getTicketIssueTime(decrypted_ticket)

• decrypted_ticket Buffer: The decrypted ticket.

Returns an Integer represents the ticket issue time.

greenworks.getTicketSteamId(decrypted_ticket)

• decrypted_ticket Buffer: The decrypted ticket.

Returns an SteamID object represents the steam id of the ticket.

greenworks.getTicketAppId(decrypted_ticket)

• decrypted_ticket Buffer: The decrypted ticket.

Returns an Integer represents app id of the ticket.