Client authentication: Difference between revisions

From LRREW
No edit summary
No edit summary
 
(5 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== Client Tickets ==
Client tickets are an integral part of authenticating clients in the [[2016:Main_Page|2016]] client.  
Client tickets are an integral part of authenticating clients in the [[2016:Main_Page|2016]] client.  


== Format ==
== Format ==
Client tickets follow a specific structure for it to be parsed by RCC. Client tickets utilize script signing, so make sure you have a private key to sign these with.
Client tickets follow a specific structure for it to be parsed by [[RCCService]].  


First off, there are two signatures that are combined and then sent to RCC. The first signature's format is as follows:
{| class="wikitable"
|+ Signature 1 format
|-
! Entry Type !! User ID !! Username !! Character Appearance URL !! Job ID !! Unix Timestamp
|-
! Entry Value
| 1 || "Player" || "https://roblox.com/charapp-whatever-lol" || 1 || 1138516781
|}


userid
{| class="wikitable"
username
|+ Signature 2 format
charapp url
|-
jobid
! Entry Type !! User ID !! Job ID !! Unix Timestamp
unix timestamp
|-
! Entry Value
| 1 || 1 || 1138516781
|}


''(keep in mind: replace the newlines with <code>\n</code>)''
Entries in both tables are delimited by a newline character. For example, Signature 1 would look like this when encoded;


The second signature's format is as follows:
1
Player
https://roblox.com/charapp-whatever-lol
1
1138516781


userid
These signatures are then signed using the SHA-1 algorithm. The ClientTicket property requires that its signatures be encoded in another format which is delimited by semicolons.
jobid
unix timestamp


''(keep in mind: replace the newlines with <code>\n</code>)''
{| class="wikitable"
|+ Final signature format
|-
! Entry Type !! Unix Timestamp !! Signature 1, SHA-1 then Base64 encoded !! Signature 2, SHA-1 then Base64 encoded
|-
! Entry Value
| 1138516781 || ''Signature 1'' || ''Signature 2''
|}


And after creating those two signatures, you have to sign those two signatures individually. Using [[https://php.net/ PHP]], you could use [[https://www.php.net/manual/en/function.openssl-sign.php openssl_sign]] to sign these using the <code>OPENSSL_ALGO_SHA1</code> algorithm.
When encoded, it would most likely look something like


After signing those two signatures, you are at the final step. Assemble the ticket that will be sent to RCC by using this format:
1138516781;''Signature 1 SHA-1, encoded in Base64'';''Signature 2 SHA-1, encoded in Base64''


unix timestamp;base64 encoded first signature;base64 encoded second signature
After you create the client ticket, you can pass it along in the [[2016:Joinscripts|joinscript]] under the ClientTicket property.
 
After you create the client ticket, you can pass it along in the [[2016:Joinscripts|joinscript]].


=== Notice ===
=== Notice ===
You MUST use the <code>SetIsPlayerAuthenticationRequired</code> (under the <code>NetworkServer</code> service) method in your hostscript. You must set it to true, as it is disabled by default. If you have this disabled, it will skip the entire clientticket check.
You MUST use the <code>SetIsPlayerAuthenticationRequired</code> (under the <code>[[NetworkServer]]</code> service) method in your hostscript. You must set it to true, as it is disabled by default. If you have this disabled, it will skip the entire clientticket check.


  {{code|lang=lua |pcall(function() game:GetService("NetworkServer"):SetIsPlayerAuthenticationRequired(true) end)}}
  {{code|lang=lua |pcall(function() game:GetService("NetworkServer"):SetIsPlayerAuthenticationRequired(true) end)}}
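Review bot: the reworded Format text drops both the private-key requirement ("make sure you have a private key to sign these with") and the pointer to openssl_sign with <code>OPENSSL_ALGO_SHA1</code>, and the wording that replaces them ("signed using the SHA-1 algorithm", "SHA-1 then Base64 encoded") reads as if a bare SHA-1 hash of each block were enough. Suggest keeping one sentence in the new Format section stating that each newline-delimited block is signed with the private key, using SHA-1 as the digest, and that the resulting signature is what gets Base64 encoded.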

Latest revision as of 02:30, 2 July 2023

Client tickets are an integral part of authenticating clients in the 2016 client.

Format

Client tickets must follow a specific structure to be parsed by RCCService.

{| class="wikitable"
|+ Signature 1 format
|-
! Entry Type !! User ID !! Username !! Character Appearance URL !! Job ID !! Unix Timestamp
|-
! Entry Value
| 1 || "Player" || "https://roblox.com/charapp-whatever-lol" || 1 || 1138516781
|}

{| class="wikitable"
|+ Signature 2 format
|-
! Entry Type !! User ID !! Job ID !! Unix Timestamp
|-
! Entry Value
| 1 || 1 || 1138516781
|}

Entries in both tables are delimited by a newline character. For example, Signature 1 would look like this when encoded:

1
Player
https://roblox.com/charapp-whatever-lol
1
1138516781

These signatures are then signed using the SHA-1 algorithm. The ClientTicket property requires that its signatures be encoded in another format which is delimited by semicolons.

{| class="wikitable"
|+ Final signature format
|-
! Entry Type !! Unix Timestamp !! Signature 1, SHA-1 then Base64 encoded !! Signature 2, SHA-1 then Base64 encoded
|-
! Entry Value
| 1138516781 || ''Signature 1'' || ''Signature 2''
|}

When encoded, it would most likely look something like this:

1138516781;Signature 1 SHA-1, encoded in Base64;Signature 2 SHA-1, encoded in Base64

After you create the client ticket, you can pass it along in the joinscript under the ClientTicket property.
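The steps above, put together as an added example (not code from this wiki or from RCCService). It uses PHP's openssl_sign with <code>OPENSSL_ALGO_SHA1</code>, which the earlier revision of this page named; the function name <code>buildClientTicket</code>, the RSA key type, the throwaway key and the absence of a trailing newline in each block are assumptions.

```php
<?php
// Added example. Assumptions: RSA signing key, no trailing newline after the
// last entry of a block. Field values below are the page's sample values.

function buildClientTicket(int $userId, string $username, string $charAppUrl,
                           string $jobId, int $timestamp, $privateKey): string
{
    // Entries are newline-delimited, so a newline inside a field would shift
    // every later entry of the signed block. Reject it before signing.
    foreach ([$username, $charAppUrl, $jobId] as $field) {
        if (preg_match('/[\r\n]/', $field)) {
            throw new InvalidArgumentException('field contains a newline');
        }
    }

    $blocks = [
        // Signature 1: user ID, username, character appearance URL, job ID, timestamp
        implode("\n", [$userId, $username, $charAppUrl, $jobId, $timestamp]),
        // Signature 2: user ID, job ID, timestamp
        implode("\n", [$userId, $jobId, $timestamp]),
    ];

    // Final format: timestamp;base64(signature 1);base64(signature 2)
    $parts = [(string) $timestamp];
    foreach ($blocks as $block) {
        if (!openssl_sign($block, $signature, $privateKey, OPENSSL_ALGO_SHA1)) {
            throw new RuntimeException('openssl_sign failed: ' . openssl_error_string());
        }
        $parts[] = base64_encode($signature);
    }
    return implode(';', $parts);
}

// Throwaway key so the script runs stand-alone; a real deployment loads its own.
$key = openssl_pkey_new(['private_key_bits' => 2048,
                         'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$ticket = buildClientTicket(1, 'Player', 'https://roblox.com/charapp-whatever-lol',
                            '1', 1138516781, $key);

// Check the first signature the way a holder of the public key would.
[$ts, $sig1, $sig2] = explode(';', $ticket);
$public   = openssl_pkey_get_details($key)['key'];
$expected = "1\nPlayer\nhttps://roblox.com/charapp-whatever-lol\n1\n1138516781";
$ok = openssl_verify($expected, base64_decode($sig1, true), $public, OPENSSL_ALGO_SHA1);
echo $ticket, PHP_EOL, ($ok === 1 ? 'signature 1 verifies' : 'signature 1 rejected'), PHP_EOL;
```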

Notice

You MUST call the SetIsPlayerAuthenticationRequired method (under the NetworkServer service) in your hostscript and set it to true, as it is disabled by default. If it is left disabled, the entire client ticket check is skipped.

pcall(function() game:GetService("NetworkServer"):SetIsPlayerAuthenticationRequired(true) end)