AuthToken
Overview
The AuthToken parameter must be sent in the game launcher as authToken. It must be generated by an authentication system, and GPAS will use it for validation when creating a wallet session.
Format
The AuthToken must have a maximum length of 100 characters.
Purpose
The AuthToken serves several important functions:
- Authentication: Verifies the identity of the player
- Authorization: Ensures that the player has permission to access the game
- Session Creation: Used to create a wallet session in the GPAS system
- Security: Prevents unauthorized access to games and player balances
Generation
The AuthToken should be generated by the operator’s authentication system. The exact method of generation may vary depending on the operator’s system, but it should follow these guidelines:
- Uniqueness: Each token should be unique for each player session
- Expiration: The token should have a limited lifetime
- Security: The token should be generated using secure cryptographic methods
- Validation: The token should contain information that can be validated by the operator’s system
Implementation
When implementing the AuthToken:
- Generate the token when the player selects a game to play
- Include the token in the game launcher URL as a query string parameter
- Ensure that the token is properly URL-encoded
- Implement proper error handling for invalid or expired tokens
Example
https://subdomain.example.com/launcher/game/?authToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c&walletId=wallet123
Security Considerations
- Transport Security: Always use HTTPS to transmit the AuthToken
- Token Lifetime: Set a reasonable expiration time for the token
- Token Storage: Do not store the token in cookies or local storage
- Token Validation: Validate the token on both the client and server side
- Error Handling: Implement proper error handling for invalid or expired tokens
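One way an operator could meet the Generation and Implementation guidelines within the 100-character limit, shown as an added example that is not GPAS or operator code. The token layout (4-byte expiry, 16-byte random nonce, player id, HMAC-SHA256 tag), the 120-second lifetime, the key handling and every function name are assumptions. A JWT of the size shown in the Example section is longer than 100 characters, so this sketch uses a more compact layout.

```python
import base64, hashlib, hmac, secrets, struct, time
from typing import Optional
from urllib.parse import urlencode

MAX_TOKEN_LEN = 100      # limit from the Format section
TOKEN_TTL = 120          # seconds; assumed value, the page does not give one
SECRET_KEY = secrets.token_bytes(32)  # assumed operator-side key, constructed per run

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(player_id: str, now: Optional[float] = None) -> str:
    """Return expiry + 128-bit nonce + player id, authenticated with HMAC-SHA256."""
    expiry = int(time.time() if now is None else now) + TOKEN_TTL
    payload = struct.pack(">I", expiry) + secrets.token_bytes(16) + player_id.encode()
    mac = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    token = f"{_b64(payload)}.{_b64(mac)}"
    if len(token) > MAX_TOKEN_LEN:  # ids over 22 bytes do not fit this layout
        raise ValueError("player_id too long for a 100-character AuthToken")
    return token

def validate_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the player id for a genuine, unexpired token, else None."""
    if len(token) > MAX_TOKEN_LEN or token.count(".") != 1:
        return None
    body, sig = token.split(".")
    try:
        payload, mac = _unb64(body), _unb64(sig)
    except ValueError:  # malformed base64
        return None
    if _b64(payload) != body or _b64(mac) != sig:  # reject non-canonical encodings
        return None
    expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected) or len(payload) < 21:
        return None
    (expiry,) = struct.unpack(">I", payload[:4])
    if (time.time() if now is None else now) >= expiry:
        return None
    return payload[20:].decode()

def launcher_url(token: str, wallet_id: str) -> str:
    # urlencode() percent-encodes both values for the query string
    query = urlencode({"authToken": token, "walletId": wallet_id})
    return "https://subdomain.example.com/launcher/game/?" + query
```

The nonce makes each token unique per session but does not make it single-use; rejecting replays within the lifetime would need a server-side record of tokens already seen.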