Client authentication
Client tickets are an integral part of authenticating clients in the 2016 client.
Format
Client tickets follow a specific structure for it to be parsed by RCCService.
| Entry Type | User ID | Username | Character Appearance URL | Job ID | Unix Timestamp |
|---|---|---|---|---|---|
| Entry Value | 1 | "Player" | "https://roblox.com/charapp-whatever-lol" | 1 | 1138516781 |
| Entry Type | User ID | Job ID | Unix Timestamp |
|---|---|---|---|
| Entry Value | 1 | 1 | 1138516781 |
Entries in both tables are delimited by a newline character. For example, Signature 1 would look like this when encoded;
1 Player https://roblox.com/charapp-whatever-lol 1 1138516781
These signatures are then signed using the SHA-1 algorithm. The ClientTicket property requires that its signatures be encoded in another format which is delimited by semicolons.
| Entry Type | Unix Timestamp | Signature 1, SHA-1 then Base64 encoded | Signature 2, SHA-1 then Base64 encoded |
|---|---|---|---|
| Entry Value | 1138516781 | Signature 1 | Signature 2 |
When encoded, it would most likely look something like
1138516781;Signature 1 SHA-1, encoded in Base64;Signature 2 SHA-1, encoded in Base64
After you create the client ticket, you can pass it along in the joinscript under the ClientTicket property.
Notice
You MUST use the SetIsPlayerAuthenticationRequired (under the NetworkServer service) method in your hostscript. You must set it to true, as it is disabled by default. If you have this disabled, it will skip the entire clientticket check.
pcall(function() game:GetService("NetworkServer"):SetIsPlayerAuthenticationRequired(true) end)