Add google credentials flag to Nakama Configuration

According to documentation’s this section I must setup google_play_auth.credentials_json flag in my Nakama Configuration. I’ve found no such flag. I tried to set it up using my docker compose file:

nakama/nakama migrate up --database.address postgres:localdb@postgres:5432/nakama &&
exec /nakama/nakama --config /nakama/data/local.yml --database.address postgres:localdb@postgres:5432/nakama --google_auth.credentials_json /nakama/data/google_auth.json

And got this error:

Also I tried to add it directly to the configuration file:

credentials_json: “/nakama/data/google_auth.json”

Is this flag obsolete? Or if it is not how exactly should I add it?

1 Like

The flag was recently introduced, please ensure you’re on the latest release of Nakama (3.16.0).

Thank you, @sesposito, that was not mentioned in the documentation!
By the way we still have some issues with that.

Here is json format that we try to pass to config:

“web”: {
“client_id”: “”,
“project_id”: “”,
“auth_uri”: “Sign in - Google Accounts”,
“token_uri”: “”,
“auth_provider_x509_cert_url”: “”,
“client_secret”: “”

Here is what error we get:

{“level”:“info”,“ts”:“2023-05-12T12:54:48.421Z”,“caller”:“server/config.go:89”,“msg”:“Successfully loaded config file”,“path”:“/nakama/data/local.yml”}
{“level”:“fatal”,“ts”:“2023-05-12T12:54:48.425Z”,“caller”:“server/config.go:117”,“msg”:“Failed to parse Google’s crendentials JSON”,“error”:“invalid character ‘/’ looking for beginning of value”}

What are we doing wrong?

1 Like

I missed how you were passing the config, it cannot be a path, it must be the serialised json string, something like: --google_auth.credentials_json='{"web":{"client_id":"","project_id":"","auth_uri":"","token_uri":"","auth_provider_x509_cert_url":"","client_secret":"","redirect_uris":[""]}}'

Be sure you config a redirect_url in your Google Config and regenerate the JSON config or it will be invalid.

@sesposito You helped me a lot! I’ve got a final question:)
AuthenticateGoogleAsync() takes in a JWT token, but GPGS-unity integration doesn’t provide one. Even the PlayerIdToken, that we can obtain by using web client id is not a JWT token. How can we obtain that web client id?

I believe the JWT token should be supported, have you tried using one in AuthenticateGoogleAsync?

AuthenticateGoogleAsync is actually what I am trying to use. But it takes in a JWT token. I don’t have one, because what GPGS actually provide is not a JWT token.

I misread, AuthenticateGoogleAsync() also supports the new Google Authentication flow, so not only JWT, I’m not sure what the client id you refer would be, you should have a look at: Enabling Server-Side Access to Google Play Games Services  |  Google Developers
Heroic Labs Documentation | Authentication