Game Auth

Extensions are a natural companion to existing games. Whether you want to show alerts to all viewers when an important event occurs, show real-time stats updates and in-depth analysis or something new and innovative that no one else has thought up yet, integrating an extension into your game can provide viewers with a whole new way to engage.

One of the difficulties with integrating a game and extension, however, occurs when you need to verify the identity of a player and streamer. MEDKit offers a convenient way to do exactly that without the need to run an OAuth server or make massive changes to your game.

Authorizing

The first step is for the game to request a JWT (to use for all future API requests) and a PIN (used by the streamer to verify their identity).

The game should then display the PIN to the player and request that the user enter the PIN into a text box on the extension configuration page.

At that point, the client may use the returned JWT as a valid authorization token associated with the streamer’s channel. The provided JWT will have broadcaster-tier access.

POST: https://api.muxy.io/v1/e/unauthed/pin

The authorization token is valid for 24 hours. Once validated, the generated JWT is valid forever.

Request Body:

{
  "identifier": "<extension client id>"
}

Response

{
  "token": "eyJ0eXAiOiJKV1QiLC...", // A broadcaster-tier JWT
  "pin": "m26jn"                    // A 5-character PIN
}

POST: https://api.muxy.io/v1/e/unauthed/validate_pin

Once the player has entered the PIN in the extension (and communicated this action with the game), you may hit this endpoint to check that the PIN was entered correctly and that the JWT returned in the last step is now active.

Request Body:

{
  "identifier": "<extension client id>",
  "jwt": "eyJ0eXAiOiJKV1QiLC..."
}

Sending Data from a Game

Now that the JWT is active, you can make API requests directly to the server and they will update the extension state for that verified channel.

See Extension State for examples of how to retrieve and modify state for an extension.

Github Examples

A real-world example of using the Game Auth system to verify a streamer’s identity can be found in our open source hardware monitor app. This uses a program running on the streamer’s computer to send hardware information (CPU usage, memory available, meltdown likelihood) to an extension for all the viewers to laugh at.

https://github.com/muxy/medkit-examples/tree/master/hardware_monitor