Looking at the source for GetAuthToken in the OnlineIdentityInterface for Steam (from 4.26 to 5.0.3) it looks like there’s a small sleep to allow Steam’s login server to catch up:
// In release builds our code checks the authTicket faster than Steam's login server can save it // Added a small amount of sleep here so the ResultToken is valid by the time this call returns
Steam’s docs say that the proper way to handle this is to subscribe to the GetAuthSessionTicketResponse_t callback instead. One of the game teams we support has noticed Steam auth errors that seem related to this sleep. Is there a reason to use this sleep over integrating GetAuthSessionTicketResponse_t ?