I’m trying to figure out a way to defer a response to a Login request to my GameMode.
In the flow I have I need to introduce a delay so I can call off to another server and get info about the user before I spawn them or let them login.
Basically, I have a bunch of dedicated servers already running, and an online “platform” which is managing the various instances of the Unreal server. A player can join any of the running unreal servers after being directed there by the platform. The unreal server then needs to make a REST call into the platform to verify the handoff and get the user/character info.
From what I can tell, PreLogin, Login PostLogin and SpawnDefault etc must return immediately with a success or failure case.
Obviously I don’t want to block in any of those methods, as it will cause my server to stall while the request is processed.
I’ve attached a flow diagram to give you an idea of the flow I’d like to use.
I am not sure if I am even concentrating in the right area, is there another place I should be performing these kind of actions?
Has anyone had any success doing something similar like this before? It seems like something that would be a common flow for any persistent online style game where character information needs retrieving from another service or database.
I am wondering if Fortnite does anything like this, as it seems to have the same need.
The online service returns a unique id for that player and an authentication token
The unique id and token are used by the dedicated server to verify with the online service
One thing that you can do in your online service is make sure that each dedicated server is generating their own unique information (nonce - number used once, token, etc.) that is part of the published data for that dedicated server instance. Then the server can quickly validate that the client joined from the online service information because the unique info can be verified and only have been supplied from the online service. If you change this number often enough, it won’t be subject to various types of timing related spoofing attempts. Xbox Live uses something similar, but with the addition of a encrypted networking layer.
Make sure you’re using SSL for all of your REST communication for both privacy of your players and to make man-in-the-middle attacks harder
If you have your online service id and token as part of the login and they have information that could only come from the online service (nonce, server token, etc.), then you can assume for a bit that the user is legit, so accept the login request and kick off an async request to validate they are legit/read their data. Once that data comes back, then you can spawn them into the game. Until you have that data, just make them spectators or whatever fits your game design.