Client authentication
Client Tickets
Client tickets are an integral part of authenticating clients in the 2016 client.
Format
Client tickets follow a specific structure so that RCC can parse them. Client tickets utilize script signing, so make sure you have a private key to sign these with.
First off, there are two signatures that are combined and then sent to RCC. The first signature's format is as follows:
userid
username
charapp url
jobid
unix timestamp
(keep in mind: replace the newlines with \n)
The second signature's format is as follows:
userid
jobid
unix timestamp
(keep in mind: replace the newlines with \n)
After creating those two signature strings, you have to sign each of them individually. Using PHP, you could use openssl_sign to sign these using the OPENSSL_ALGO_SHA1 algorithm.
After signing those two signatures, you are at the final step. Assemble the ticket that will be sent to RCC by using this format:
unix timestamp;base64 encoded first signature;base64 encoded second signature
After you create the client ticket, you can pass it along in the joinscript.
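The assembly steps above in PHP, as an added example that is not the project's own code: it builds the two strings, signs each with openssl_sign and OPENSSL_ALGO_SHA1, and joins the ticket. The function names, the throwaway RSA key, the sample field values and the local verify_client_ticket self-check are assumptions for illustration.

```php
<?php
// Added example: field order follows the two formats above; all names are illustrative.
function ticket_messages(int $userId, string $username, string $charAppUrl,
                         string $jobId, int $timestamp): array {
    // A newline inside a field would shift every later field of the signed text.
    foreach ([$username, $charAppUrl, $jobId] as $field) {
        if (preg_match('/[\r\n]/', $field)) {
            throw new InvalidArgumentException('field contains a newline');
        }
    }
    return [
        implode("\n", [$userId, $username, $charAppUrl, $jobId, $timestamp]),
        implode("\n", [$userId, $jobId, $timestamp]),
    ];
}
function build_client_ticket(int $userId, string $username, string $charAppUrl,
                             string $jobId, $privateKey, int $timestamp): string {
    $parts = [(string) $timestamp];
    foreach (ticket_messages($userId, $username, $charAppUrl, $jobId, $timestamp) as $message) {
        if (!openssl_sign($message, $signature, $privateKey, OPENSSL_ALGO_SHA1)) {
            throw new RuntimeException('openssl_sign failed');
        }
        $parts[] = base64_encode($signature);
    }
    return implode(';', $parts); // timestamp;sig1;sig2
}
// Self-check: split the ticket and verify both signatures with the public key.
function verify_client_ticket(string $ticket, int $userId, string $username,
                              string $charAppUrl, string $jobId, $publicKey): bool {
    $parts = explode(';', $ticket);
    if (count($parts) !== 3 || !ctype_digit($parts[0])) {
        return false;
    }
    $messages = ticket_messages($userId, $username, $charAppUrl, $jobId, (int) $parts[0]);
    foreach ($messages as $i => $message) {
        $signature = base64_decode($parts[$i + 1], true);
        if ($signature === false || openssl_verify($message, $signature, $publicKey, OPENSSL_ALGO_SHA1) !== 1) {
            return false;
        }
    }
    return true;
}

// Constructed demo values; a throwaway RSA key stands in for the real signing key.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$pub = openssl_pkey_get_details($key)['key'];
$ticket = build_client_ticket(1, 'Player1', 'http://localhost/charapp?id=1', 'job-0001', $key, time());
var_dump(verify_client_ticket($ticket, 1, 'Player1', 'http://localhost/charapp?id=1', 'job-0001', $pub));
var_dump(verify_client_ticket($ticket, 2, 'Player1', 'http://localhost/charapp?id=1', 'job-0001', $pub));
```

The first call checks the ticket against the values it was issued for; the second changes only the userid, which alters both signed strings.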
Notice
You MUST use the SetIsPlayerAuthenticationRequired method (under the NetworkServer service) in your hostscript. You must set it to true, as it is disabled by default. If you have this disabled, it will skip the entire clientticket check.
pcall(function() game:GetService("NetworkServer"):SetIsPlayerAuthenticationRequired(true) end)