For context. I have a custom built UDP server handling actions for my game. I am using Nakama for everything else, storage,account management, etc.
What I would like to do, is login with Nakama, pass the token through my custom UDP server and have that server validate the token with Nakama before returning any actions. Just for a little extra security. I’ve created a RPC method in nakama but I am not finding anything in the Nakama runtime to validate a token.
The session token is encrypted using JWT; The encryption key for the token is called “encryption_key” in the Nakama configuration. Share this value with your UDP server, and simply validate that the signature of the Nakama token passed to it is valid - you don’t need a s2s RPC call for this and all of this can be done locally to your UDP server.
This did it, used JOSE library in C# backed to decode the JWT. It has other client libraries for anyone else that might come across this answer.
Thanks Again!
That makes total sense - if you’re using a custom UDP server alongside Nakama, you definitely want to verify those tokens without making a round-trip RPC call every single time. Since Nakama uses JWTs for sessions, the “magic” is all in the session.encryption_key in your config. As long as your UDP server has access to that same key, you can validate the signature locally using any standard JWT library (like JOSE for C# or jsonwebtoken for Node). One thing that helped me when I was setting this up was using JWT Token Decoder Online just to peek at the payload structure of the tokens Nakama was spitting out. It’s handy for double-checking that the exp (expiry) and uid (user ID) fields are exactly where you expect them to be before you finalize your validation logic.
Once the keys match and you’ve got the signature check working, you’re good to go across any environment!