Client authentication: Difference between revisions
m (Change username to generic name) |
No edit summary |
||
Line 49: | Line 49: | ||
=== Notice === | === Notice === | ||
You MUST use the <code>SetIsPlayerAuthenticationRequired</code> (under the <code>[[ | You MUST use the <code>SetIsPlayerAuthenticationRequired</code> (under the <code>[[NetworkServer]]</code> service) method in your hostscript. You must set it to true, as it is disabled by default. If you have this disabled, it will skip the entire clientticket check. | ||
{{code|lang=lua |pcall(function() game:GetService("NetworkServer"):SetIsPlayerAuthenticationRequired(true) end)}} | {{code|lang=lua |pcall(function() game:GetService("NetworkServer"):SetIsPlayerAuthenticationRequired(true) end)}} |
Revision as of 23:27, 1 July 2023
Client Tickets
Client tickets are an integral part of authenticating clients in the 2016 client.
Format
Client tickets follow a specific structure for it to be parsed by RCCService.
Entry Type | User ID | Username | Character Appearance URL | Job ID | Unix Timestamp |
---|---|---|---|---|---|
Entry Value | 1 | "Player" | "https://roblox.com/charapp-whatever-lol" | 1 | 1138516781 |
Entry Type | User ID | Job ID | Unix Timestamp |
---|---|---|---|
Entry Value | 1 | 1 | 1138516781 |
Entries in both tables are delimited by a newline character. For example, Signature 1 would look like this when encoded;
1 Player https://roblox.com/charapp-whatever-lol 1 1138516781
These signatures are then signed using the SHA-1 algorithm. The ClientTicket property requires that its signatures be encoded in another format which is delimited by semicolons.
Entry Type | Unix Timestamp | Signature 1, SHA-1 encoded | Signature 2, SHA-1 encoded |
---|---|---|---|
Entry Value | 1138516781 | Signature 1 | Signature 2 |
When encoded, it would most likely look something like
1138516781;Signature 1 SHA-1;Signature 2 SHA-1
After you create the client ticket, you can pass it along in the joinscript under the ClientTicket property.
Notice
You MUST use the SetIsPlayerAuthenticationRequired
(under the NetworkServer
service) method in your hostscript. You must set it to true, as it is disabled by default. If you have this disabled, it will skip the entire clientticket check.
pcall(function() game:GetService("NetworkServer"):SetIsPlayerAuthenticationRequired(true) end)