Decode and validate token

Decode and Validate Token

To process the issued external token, you have two options:

  1. Using ChafKit Web API:

    • This method requires a connection between your game server and ChafKit server.
    • You pass the external token and game ID to our ChafKit server.
    • The ChafKit server will decode the token and provide you with the decoded data, which includes user information.
    • If the token is expired or tampered with, ChafKit will respond with an error.
    • This method is suitable if you prefer to rely on ChafKit's server-side processing and don't want to implement token decoding and verification logic on your game server.
  2. Decoding and Verifying the Token Yourself:

    • The external token is a JSON Web Token (JWT).
    • If you have the secret key, which is uniquely generated for each game, you can decode and verify the token.
    • You can access the secret key from the "Manage Game" page on the Chaf Games Developer Platform.
    • By decoding and verifying the token yourself, you have full control over the process and can implement custom logic as needed.
    • This method is suitable if you want to handle token decoding and verification within your game server and prefer not to rely on outgoing network traffic.

You can choose either method based on your requirements and constraints. If you want to minimize outgoing network traffic and have control over the decoding and verification process, the second method is a good choice. On the other hand, if you prefer a convenient solution without the need to implement token processing logic, the first method using ChafKit's Web API can be a suitable option.

Using ChafKit Web API

To decode and validate the external token using ChafKit's Web API, follow the steps below:

  1. Construct the API endpoint URL:

    • The API endpoint URL is:
      https://chafkit.chafgames.com/api/external/auth/v1/profile?gameId=<gameId>&token=<token>
    • Replace <gameId> with your game's unique ID.
    • Replace <token> with the issued external token obtained from the IssueExternalToken API.
  2. Send an HTTP GET request to the API endpoint:

    • Use your preferred method or library to send an HTTP GET request to the constructed API endpoint URL.
  3. Process the API response:

    • The API will respond with a JSON object containing the decoded data, which includes user information.

The response JSON object will have the following fields:

FieldDescription
userIdThe unique identifier for the user.
usernameThe username of the user.
displayNameThe display name of the user.
photoThe URL of the user's profile photo. Note that this field can be nullable.
metaAn object containing additional metadata associated with the user. This can be used for tracking custom data and more.

Example JSON response:

{
  "userId": "8796b94d-df04-481a-be3b-4acc9c06cd05",
  "username": "melodykim",
  "displayName": "Lydian Melody",
  "photo": "https://assets.chafgames.com/profiles/guest/-_es7isWS8RytJPAYcxxM/DALL·E 2022-08-06 01.06.14 - cute giraffe oil painting.png",
  "meta": {}
}

By utilizing ChafKit's Web API, you can securely decode and validate the external token issued by ChafKit, obtaining the user's information for further processing within your game server.

If your token is invalid, it will throw Error with 401 code.

Decoding and Verifying the Token Yourself

To decode and verify the JWT token yourself, you will need the JWT secret key specific to your game. You can retrieve this secret key from the Manage Game page on the Chaf Games Developer Platform.

Please note the following:

  • With the JWT secret key, you can decode and verify the token to access the information contained in the payload.
  • If you encounter any issues or need assistance with processing JWT tokens in your game server, we recommend reaching out to the Chaf Games developer team for support.

Here are examples of how you can decode JWT tokens in different languages:

  • JavaScript: You can use the jsonwebtoken library.
  • Python: You can use the PyJWT library.
  • C#: You can use the System.IdentityModel.Tokens.Jwt namespace.
  • C++: There are libraries available such as jwt-cpp or cpp-jwt.
  • Java: You can use libraries such as jjwt or java-jwt.

Please refer to the documentation or examples provided by the specific libraries for detailed instructions on how to decode and verify JWT tokens in your chosen programming language.

If you need assistance with processing JWT tokens in your game server or have any questions, please feel free to contact the Chaf Games developer team. You can reach out to us by clicking on the round button shown at the bottom right corner of the Chaf Games developer page.