Retrieving Player Info from Remote Services (Dedicated Server Login)

Hi All,

I’m trying to figure out a way to defer a response to a Login request to my GameMode.

In the flow I have I need to introduce a delay so I can call off to another server and get info about the user before I spawn them or let them login.

Basically, I have a bunch of dedicated servers already running, and an online “platform” which is managing the various instances of the Unreal server. A player can join any of the running unreal servers after being directed there by the platform. The unreal server then needs to make a REST call into the platform to verify the handoff and get the user/character info.

From what I can tell, PreLogin, Login PostLogin and SpawnDefault etc must return immediately with a success or failure case.

Obviously I don’t want to block in any of those methods, as it will cause my server to stall while the request is processed.

I’ve attached a flow diagram to give you an idea of the flow I’d like to use.

I am not sure if I am even concentrating in the right area, is there another place I should be performing these kind of actions?

Has anyone had any success doing something similar like this before? It seems like something that would be a common flow for any persistent online style game where character information needs retrieving from another service or database.

I am wondering if Fortnite does anything like this, as it seems to have the same need.


I guess no one has had this kind of problem or found a solution?
I’d really like to figure out how to resolve this.

One way to handle these things:

  • Player logs into the online service in the client
  • The online service returns a unique id for that player and an authentication token
  • The unique id and token are used by the dedicated server to verify with the online service

One thing that you can do in your online service is make sure that each dedicated server is generating their own unique information (nonce - number used once, token, etc.) that is part of the published data for that dedicated server instance. Then the server can quickly validate that the client joined from the online service information because the unique info can be verified and only have been supplied from the online service. If you change this number often enough, it won’t be subject to various types of timing related spoofing attempts. Xbox Live uses something similar, but with the addition of a encrypted networking layer.

Make sure you’re using SSL for all of your REST communication for both privacy of your players and to make man-in-the-middle attacks harder

If you have your online service id and token as part of the login and they have information that could only come from the online service (nonce, server token, etc.), then you can assume for a bit that the user is legit, so accept the login request and kick off an async request to validate they are legit/read their data. Once that data comes back, then you can spawn them into the game. Until you have that data, just make them spectators or whatever fits your game design.

Hi Joe,

Thanks for your answer.
That’s how I was planning to handle it, but I don’t see how I can verify the token before the player login without causing a stall in the server.

PreLogin (and similar) expect a success/failure immediately so I could only call the service synchronously, which seems like a clearly bad idea.

Do you have any suggestions on where in the flow I can actually verify that token and get the character information?
Ideally I want something like the match state that is asynchronous in nature.


Ah, that makes sense.
Putting them in spectator mode seems obvious in retrospect and should work just fine.

Thanks for your help!