Re authenticating after a token expires results in a success callback with an expired token provided again.

[brendenfrank]

If the session is expired and we fail to restore the session. Calling authenticate results in the same expired token provided. We wrote code to detect expired tokens, which either refreshes or attempts to reauthenticate, it is unfortunately resulting in an infinite loop of failure. Any thoughts?

[2022.05.06-20.34.31:385][ 41]LogTemp: Warning: [Nakama] Initializing... [bIsDedicated = false]
[2022.05.06-20.34.31:411][ 42]LogOnlineIdentity: STEAM: Obtained steam authticket
[2022.05.06-20.34.31:511][ 42]LogTemp: Warning: [Nakama] authenticating with token: 1400000071C9C51057C22423E8E3D90E01001001B0857562180000000100000002000000B96FF1BDEE2E063B942C0700A9010000B20000003200000004000000E8E3D90E010010019C7E1C009BD7863C1203A8C0000000002FF17462AFA0906201006B400A00000000000EF8934F85EED508C47565BB397ACB54C720BB4EE5EB1724A42351E40C11AA0059F0BBADBAF44937154A473F43AEC8BAC3D90A5F72E5B3F22ACB52435A7796F073EBDD9466136FA7F70AD01AFAA3419A6BBD3F90AD8329E48CF87C2E44A571B417391C351C19A58FA5D814876F5D62277918ED1E65A66E39F7D0D0B60552ADE2
[2022.05.06-20.34.31:913][ 91]LogTemp: Warning: [Nakama] session token acquired: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIyNjVhYTRjMC0xMjA5LTRiYTItOTJmMy1jNTk0MTE2NWNmNWUiLCJ1c24iOiLpto_nmq7jgoLjgoIiLCJleHAiOjE2NTI0NzQwOTR9.AICRxGKRwsfE5aEhV_olrdqyEMFzOVlApQgQcv5cAyw
[2022.05.06-20.34.31:913][ 91]LogTemp: Warning: [Nakama] eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIyNjVhYTRjMC0xMjA5LTRiYTItOTJmMy1jNTk0MTE2NWNmNWUiLCJ1c24iOiLpto_nmq7jgoLjgoIiLCJleHAiOjE2NTI0NzQwOTR9.AICRxGKRwsfE5aEhV_olrdqyEMFzOVlApQgQcv5cAyw
[2022.05.06-20.34.31:913][ 91]LogTemp: Warning: [Nakama] 
[2022.05.06-20.34.31:914][ 91]LogTemp: Warning: [Nakama] 
[2022.05.06-20.34.31:914][ 91]LogTemp: Warning: [Nakama] Session has expired: yes
[2022.05.06-20.34.31:914][ 91]LogTemp: Warning: [Nakama] Session expires at: 0
[2022.05.06-20.34.31:914][ 91]LogTemp: Warning: [Nakama] Session created at: 1651869271913
[2022.05.06-20.34.31:920][ 92]LogTemp: Warning: [Nakama] Auth token expired, restoring session....
[2022.05.06-20.34.31:920][ 92]LogTemp: Warning: [Nakama] Restore session failed, beginning re-authentication.
[2022.05.06-20.34.31:920][ 92]LogOnlineIdentity: STEAM: Obtained steam authticket
[2022.05.06-20.34.32:021][ 92]LogTemp: Warning: [Nakama] authenticating with token: 14000000B084F06ED08C7D2AE8E3D90E01001001B0857562180000000100000002000000C9A048313340CF76922E0700AA010000B20000003200000004000000E8E3D90E010010019C7E1C009BD7863C1203A8C0000000002FF17462AFA0906201006B400A00000000000EF8934F85EED508C47565BB397ACB54C720BB4EE5EB1724A42351E40C11AA0059F0BBADBAF44937154A473F43AEC8BAC3D90A5F72E5B3F22ACB52435A7796F073EBDD9466136FA7F70AD01AFAA3419A6BBD3F90AD8329E48CF87C2E44A571B417391C351C19A58FA5D814876F5D62277918ED1E65A66E39F7D0D0B60552ADE2
[2022.05.06-20.34.32:235][119]LogOnline: OSS: EOSSDK-LogEOS: SDK Config Platform Update Request Successful, Time: 0.842598
[2022.05.06-20.34.32:236][119]LogOnline: OSS: EOSSDK-LogEOSAnalytics: Start Session (User: ...)
[2022.05.06-20.34.32:237][119]LogOnline: OSS: EOSSDK-LogEOS: Updating Product SDK Config, Time: 0.851849
[2022.05.06-20.34.32:544][156]LogTemp: Warning: [Nakama] session token acquired: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIyNjVhYTRjMC0xMjA5LTRiYTItOTJmMy1jNTk0MTE2NWNmNWUiLCJ1c24iOiLpto_nmq7jgoLjgoIiLCJleHAiOjE2NTI0NzQwOTR9.AICRxGKRwsfE5aEhV_olrdqyEMFzOVlApQgQcv5cAyw
[2022.05.06-20.34.32:544][156]LogTemp: Warning: [Nakama] eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIyNjVhYTRjMC0xMjA5LTRiYTItOTJmMy1jNTk0MTE2NWNmNWUiLCJ1c24iOiLpto_nmq7jgoLjgoIiLCJleHAiOjE2NTI0NzQwOTR9.AICRxGKRwsfE5aEhV_olrdqyEMFzOVlApQgQcv5cAyw
[2022.05.06-20.34.32:544][156]LogTemp: Warning: [Nakama] 
[2022.05.06-20.34.32:544][156]LogTemp: Warning: [Nakama] 
[2022.05.06-20.34.32:544][156]LogTemp: Warning: [Nakama] Session has expired: yes
[2022.05.06-20.34.32:544][156]LogTemp: Warning: [Nakama] Session expires at: 0
[2022.05.06-20.34.32:544][156]LogTemp: Warning: [Nakama] Session created at: 1651869272544
[2022.05.06-20.34.32:553][157]LogTemp: Warning: [Nakama] Auth token expired, restoring session....
[2022.05.06-20.34.32:553][157]LogTemp: Warning: [Nakama] Restore session failed, beginning re-authentication.

    auto successCallback = [=](NakamaWrapper::NSessionPtr session)
    {
        NakamaAuthToken = session->getAuthToken();
        NakamaSession = session;

        UE_LOG(LogTemp, Warning, TEXT("[Nakama] session token acquired: %s"), UTF8_TO_TCHAR (NakamaAuthToken.c_str()));
        UE_LOG(LogTemp, Warning, TEXT("[Nakama] %s"), UTF8_TO_TCHAR (session->getAuthToken().c_str())); // raw JWT token
        UE_LOG(LogTemp, Warning, TEXT("[Nakama] %s"), UTF8_TO_TCHAR (session->getUserId().c_str()));
        UE_LOG(LogTemp, Warning, TEXT("[Nakama] %s"), UTF8_TO_TCHAR (session->getUsername().c_str()));
        FString SessionExpired = session->isExpired() ? "yes" : "no";
        UE_LOG(LogTemp, Warning, TEXT("[Nakama] Session has expired: %s"), *SessionExpired);
        UE_LOG(LogTemp, Warning, TEXT("[Nakama] Session expires at: %llu"), session->getExpireTime());
        UE_LOG(LogTemp, Warning, TEXT("[Nakama] Session created at: %llu"), session->getCreateTime());

        if(bFirstRun)
        {
            OnNakamaConnected.Broadcast();
            bFirstRun = false;
        }
    };

        UE_LOG(LogTemp, Warning, TEXT("[Nakama] authenticating with token: %s"), *AuthToken);
    NakamaClient->authenticateSteam(std::string(TCHAR_TO_UTF8(*AuthToken)), std::string(TCHAR_TO_UTF8(*NickName)), true, {}, successCallback, errorCallback);

[novabyte]

@brendenfrank We've assigned an engineer to investigate the issue. It's possible that its a regression in the game server rather than in the Unreal SDK but we'll follow up shortly with a resolution.

[brendenfrank]

Please let us know if you discover any type of work-around in the interim. We discovered this in our open beta and unfortunately a number of players simply cannot access the game's services and are locked out.

[novabyte]

@brendenfrank There's a very simple workaround which you can use in the meantime. Just increase the two parameters in the server which control the valid lifetime of the session and refresh tokens:

• "session.token_expiry_sec" - Set it to a very large value like 7776000 (90 days).
• "session.refresh_token_expiry_sec" - Set it to a multiple of the "session.token_expiry_sec" value like 15552000 (180 days).

When we have a resolution for this bug you can just rotate the "session.encryption_key" which invalids all the old tokens.

https://heroiclabs.com/docs/nakama/getting-started/configuration/#session

[brendenfrank]

Unfortunately that workaround was not successful. We applied the changes but the user is still reporting the same issue. I suspect because the token has already been marked as expired, and thus remains in the stuck loop. One user resolved the issue by making a new steam account, which is no surprise since the token is associated to the account.

If you have any other suggestions for work arounds we're all ears!

[novabyte]

@brendenfrank Can the user go to their local save location and wipe the save data which would be where the session and refresh tokens are stored? Perhaps there's a button in your game's settings UI to perform this function?

On development platforms, saved game files use the .sav extension and appear in the project's Saved\SaveGames folder. On other platforms, particularly consoles, this varies to accommodate the specific file system.

[brendenfrank]

We don't store the user's token to their save file. We request a fresh one when they start the application so there's nothing for us to clear.

[novabyte]

@brendenfrank I think I'm a bit lost on the issue. If you don't cache session or refresh tokens and you adjusted the values to be much higher in the server configuration as suggested above as a workaround I can't see any reason why the player should not just be able to close your game locally. When they open the game and authenticate through Steam for the play session they'll use the long lived tokens configured on the server.

Would you be able to send an email to us and we can speak on a call in the week?

[brendenfrank]

We are calling "authenticate" when the client loads in an attempt to procure a fresh session. Unfortunately an expired token is provided from the authentication process. Even if the client is rebooted, or the machine is restarted, the authenticate function returns the same expired token.

I'm speculating, but reason the longer expiry probably isn't working is because the token provided by authenticate has already expired, and for some reason is still being supplied when called. The only way we've been able to get a user to work around this was to make a fresh steam account, which forces the authenticate function to return a new token. That workaround isn't very ideal however since making a new steam account essentially means re-buying the game if we weren't in a beta where the app were free.

Hopefully that makes more sense. I can be reached at brenden@blueislestudios.com.

[brendenfrank]

Hey Chris,

Appreciate the call last week. I just wanted to follow up and see if you were you able to find the correct api call for token refreshes.

Thanks,

Brenden

Sent from my iPhone

On May 8, 2022, at 5:13 AM, Chris Molozian @.***> wrote:

 @brendenfrank I think I'm a bit lost on the issue. If you don't cache session or refresh tokens and you adjusted the values to be much higher in the server configuration as suggested above as a workaround I can't see any reason why the player should not just be able to close your game locally. When they open the game and authenticate through Steam for the play session they'll use the long lived tokens configured on the server.

Would you be able to send an email to us and we can speak on a call in the week?

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.

[novabyte]

Thanks @brendenfrank we've followed up over email with you.