Hi everyone, I read a post written few months ago in which a user was advised to create a runtime RPC function that generates a new token to exchange with the existing one to refresh the token.
I wanted to understand, the function to use in the runtime code is “nk.authenticate_token_generate(user_id, username)” ?
Then, client side how do I modify the session to insert the new token?
Thanks in advance.
It would help to know which client library you’re using? I believe all of them should have a function that restores a session from a token string. Normally this is used when reading a stored session at game startup, but it can be used to restore a session from a string received from an RPC response.
I’m using Unity client side.
Unfortunately in the documentation I have not found the function that restores the session.
Is the function I use in the runtime code correct?
Thanks.
You probably want to use this function. Yes, the nk.authenticate_token_generate runtime function will give you a valid session token.
Thanks, I’ll try this function.
I have another question: I created the runtime function that generates a new token to replace an expired token, but there is a problem: if my current token is expired I can’t run the rpc function to get the new one.
How can I fix this problem?
Thanks again.
@antoniocapizzi95 I would recommend you try to think about the problem to solve more deeply. The solution is quite straightforward:
- Make sure that you’ve configured the
session.token_expiry_secoption in the server to use a token lifetime that makes sense for your game. Maybe 1 day or 7 days or really whatever balance you want to strike between convenience for the player and re-authentication (depending on what authentication options you’re using with Nakama). - Attempt to refresh the token some number of hours before it expires. This is easy and cheap as an operation to perform so there’s no real harm in how long you leave it before you refresh the token.
- If the session token has expired (maybe because the player hasn’t played in a while) you re-authenticate the player like you would have to do anyway.
I believe the 3 steps above cover all scenarios around token lifetimes. Hope this helps.
Thanks for the information you gave me. I solved it.
I have another question. Is there a direct way to revoke a token? I mean other than waiting for the deadline ( session.token_expiry_sec).