Search Unity

  1. Welcome to the Unity Forums! Please take the time to read our Code of Conduct to familiarize yourself with the forum rules and how to post constructively.

Bug Authentication fails with Invalid Token

Discussion in 'Authentication' started by DavidZobrist, Jan 22, 2022.

  1. DavidZobrist

    DavidZobrist

    Joined:
    Sep 3, 2017
    Posts:
    181
    The last week the auth sdk was working fine.
    Today I let my editor active and returend to my pc 3-4 hours later.
    When I hit play i get:


    Code (CSharp):
    1. [Authentication]: Request completed with error: {"title":"INVALID_SESSION_TOKEN","detail":"The session token is not valid.","details":[],"status":401}
    2.  
    3. UnityEngine.Logger:LogWarning (string,object)
    4. Unity.Services.Authentication.Utilities.Logger:LogWarning (object) (at Library/PackageCache/com.unity.services.authentication@1.0.0-pre.37/Runtime/Utilities/Logger.cs:16)
    5. Unity.Services.Authentication.Utilities.WebRequest:RequestCompleted (System.Threading.Tasks.TaskCompletionSource`1<string>,long,bool,bool,string,string,System.Collections.Generic.IDictionary`2<string, string>) (at Library/PackageCache/com.unity.services.authentication@1.0.0-pre.37/Runtime/Utilities/WebRequest.cs:209)

    When I restart the editor the issue persists.
    Now I wonder if this is something that could also happen to a client of the final app. (customer)
     
  2. unity_Ctri

    unity_Ctri

    Unity Technologies

    Joined:
    Oct 20, 2020
    Posts:
    79
    Hi David,

    The session token you when logging in is a quick way of logging back in for a user. Each time you log in, it is replaced. Only the most recently issued session token will work for a user. It's most commonly relied on for anonymous logins, which otherwise have no mechanism for logging back in.

    If you DM me the userID from the authentication service, I can speak to the engineers on Monday to get some specifics about what happened.

    In this case where the session token is lost, and there's no linked login provider, you'd need to instruct your code to direct the user to a login flow, which if you're only using anonymous login means a new user account.

    To avoid situations where the session token is the only way the user logs in, we encourage the linking of a login provider to the player's account. Once that's present, even if the user wipes their device and starts over, the account can still be accessed.

    Does that clear everything up?
     
    DavidZobrist likes this.
  3. DavidZobrist

    DavidZobrist

    Joined:
    Sep 3, 2017
    Posts:
    181
    unity_Ctri

    yes thanks. So we are still in development nothing is live yet. My user ID I can send you.
    For now we only use anonymous and I would like this one to work withouth issues aswell for those players that never link.

    Does it maybe occure because I have the sign-In in a singleton which is "DontDestroyOnLoad"?
    The user persisted even when hitting play mode again and again.
    And theoratically recal await SignInAnonymously(); every time.
    But it didnt seem to create a new one.

    So is there a way to check if I currently already have a session token and check if its still valid? (or should i try catch it?)
    How ever this still leaves me with the questio what to do with an invalid token when SignInAnonymoulsy does not overwrite it.
     
  4. DavidZobrist

    DavidZobrist

    Joined:
    Sep 3, 2017
    Posts:
    181
    sent a pm!
    (restarting the pc does not fix that issue)
    Just information for others in future:
    I use a singletone with dont destroy on load which maybe particpates to this issue.
     
  5. erickb_unity

    erickb_unity

    Unity Technologies

    Joined:
    Sep 1, 2021
    Posts:
    41
    Hello,

    The singleton should not be an issue.

    Can you provide the version of Authentication SDK used, your cloud project id and your session token if possible?

    Authentication SDK version can be found in your package manifest in your unity project (Packages/manifest.json)

    Cloud Project Id can be found in your ProjectSettings file under cloudProjectId. (ProjectSettings/ProjectSettings.asset)

    The session token can be found in the PlayerPrefs, the location differs depending on which platform you are on.
    https://docs.unity3d.com/ScriptReference/PlayerPrefs.html
     
    Last edited: Jan 24, 2022
  6. DavidZobrist

    DavidZobrist

    Joined:
    Sep 3, 2017
    Posts:
    181
    Hi Erick,

    thanks for looking into this issue:

    "com.unity.services.cloudcode": "1.0.0-pre.6",
    "com.unity.services.authentication": "1.0.0-pre.37",
    "com.unity.services.cloudsave": "1.0.0-pre.3"


    cloudProjectId: abfb5932-efea-4a54-814b-6c42e1b95645
     
  7. DavidZobrist

    DavidZobrist

    Joined:
    Sep 3, 2017
    Posts:
    181
    Session Id i can find via registry

    abfb5932-efea-4a54-814b-6c42e1b95645.default.unity.services.authentication.session_token_h3622902611
     
  8. DavidZobrist

    DavidZobrist

    Joined:
    Sep 3, 2017
    Posts:
    181
    @erickboulay

    Any news on that issue?
    I still have auth commented out in our code as it still has the issue with the corrupted session token.
    Code (CSharp):
    1.    //   await SignInAnonymously();
     
  9. erickb_unity

    erickb_unity

    Unity Technologies

    Joined:
    Sep 1, 2021
    Posts:
    41
    Hey,

    Sorry for the delay for the reply,
    There is another piece of information that would be useful for us if you can provide it to us.

    Essentially, the session token key you provided is used to get the session token value in the player prefs, if you could provide us that value, it would be very useful.

    You could get it like this:
    Debug.Log(PlayerPrefs.GetString("abfb5932-efea-4a54-814b-6c42e1b95645.default.unity.services.authentication.session_token_h3622902611"));

    We are still looking into a few possible solutions for the backend to ensure this doesn't happen - this may take a bit more time.

    In the meantime, the best solution is to clear the session token (AuthenticationService.Instance.ClearSessionToken) when you get the error 'INVALID_SESSION_TOKEN'.
    This will be done automatically in the next version of the Authentication SDK.
     
    DavidZobrist likes this.
  10. DavidZobrist

    DavidZobrist

    Joined:
    Sep 3, 2017
    Posts:
    181
    Thanks
    here the output of the debug.log

    JM8VbT6bG1sGwJtekfebpRTiSv-aJdsQNE29y8A7ucamI6xN4yVTnQk8rSKehqDUwQHD14tpt8oIHJwYpBgZC0lUGTZNXM-Y0EXh3RRR10wH_nzW81Dyv1nJ1SS2ChtMJ2b53vB7Z0sCPXUI93ui3oNaSnWlAi7yGNp5LFcNh9A.GIhBBUCzyd8hHNs-wKWeLZyKifJsAhJAxLtt7BtZp8I
     
  11. DavidZobrist

    DavidZobrist

    Joined:
    Sep 3, 2017
    Posts:
    181
    @erickboulay
    (AuthenticationService.Instance.ClearSessionToken)
    worked

    yeah I realized that anonym users are refered as their session token.
    So everytime I get a new session token the data is not longer coupled to the player, which has not changed his device.

    Session token 1:
    7oBGbe6Wys2BBokd6AwuTLbOrwMl

    Session token2:
    GkNbHbIi6aMX5CW3WLOH7F8VNWGB

    Etc


    The expected behaviour would be:
    Use an Id that is couple with the device ID. So even if a new session has to be created that user still has access to his data aslong he uses the same device.
     
  12. erickb_unity

    erickb_unity

    Unity Technologies

    Joined:
    Sep 1, 2021
    Posts:
    41
    Hey,

    Thanks for providing the information, it's really helpful and we're digging into the problem now.

    Let me reassure you that this is not the intended behavior, you should always get the same player when using anonymous/session token login and you shouldn't need to worry about the token logic. This is high priority and we will fix this as soon as we can.
     
    DavidZobrist likes this.
  13. DavidZobrist

    DavidZobrist

    Joined:
    Sep 3, 2017
    Posts:
    181
    Thank you
     
  14. vengefullfoot

    vengefullfoot

    Joined:
    Sep 24, 2018
    Posts:
    20
    Hello, I ave exactly the same issue in the player while testing (when testing on devices it works). What is the procedure to have the player authenticating again ?
     
  15. erickb_unity

    erickb_unity

    Unity Technologies

    Joined:
    Sep 1, 2021
    Posts:
    41
    unity_Ctri likes this.
  16. vengefullfoot

    vengefullfoot

    Joined:
    Sep 24, 2018
    Posts:
    20
    Thank you very much. It worked nicely (actually clearing the playerprefs didn't, but the clearing the token in code worked). As you mentioned at the beginning this token is supposed to be reinitialized at each start, is it good practice to keep AuthenticationService.Instance.ClearSessionToken in the code to be executed each time and force the reinitialization of the token in case it's blocked ?
     
  17. erickb_unity

    erickb_unity

    Unity Technologies

    Joined:
    Sep 1, 2021
    Posts:
    41
    Hello,

    You should not clear this token as it is used by anonymous login to access the account you were previously signed in to.
    Clearing the session token is only needed when you get the INVALID_SESSION_TOKEN error specifically.

    However, this error should no longer occur for new tokens in you receive in the future.
    If it happens to you again, please report it to us.
     
  18. vengefullfoot

    vengefullfoot

    Joined:
    Sep 24, 2018
    Posts:
    20
    Ok, thank you very much.
     
  19. codoraunity

    codoraunity

    Joined:
    Sep 22, 2022
    Posts:
    4
    Hi all, I know this is an old thread but facing the same issue in my game implementation. When i use SignInAnonymouslyAsync() and hit play the user get logged in successfully, but when stop the game and start it again it creates a new user and the old access token gets empty. i am using the below sample code for anonymous login.
    Code (CSharp):
    1. using System.Collections;
    2. using System.Collections.Generic;
    3. using System.Threading.Tasks;
    4. using Unity.Services.Authentication;
    5. using Unity.Services.Core;
    6. using UnityEngine;
    7.  
    8. public class Authentication : MonoBehaviour
    9. {
    10.     internal async Task Awake()
    11.     {
    12.         await UnityServices.InitializeAsync();
    13.         await SignInAnonymously();
    14.     }
    15.  
    16.     private async Task SignInAnonymously()
    17.     {
    18.         Debug.Log(AuthenticationService.Instance.AccessToken);
    19.         AuthenticationService.Instance.SignedIn += () =>
    20.         {
    21.             var playerId = AuthenticationService.Instance.PlayerId;
    22.  
    23.             Debug.Log("Signed in as: " + playerId);
    24.         };
    25.         AuthenticationService.Instance.SignInFailed += s =>
    26.         {
    27.                 // Take some action here...
    28.                 Debug.Log(s);
    29.         };
    30.  
    31.         await AuthenticationService.Instance.SignInAnonymouslyAsync();
    32.     }
    33. }
    34. }