Contents

fetchItems(forIdentityVerificationSignature:)

Generates a signature that you can use to authenticate the local player on your own server.

Declaration

func fetchItems(forIdentityVerificationSignature completionHandler: (@Sendable (URL?, Data?, Data?, UInt64, (any Error)?) -> Void)? = nil)
func fetchItemsForIdentityVerificationSignature() async throws -> (URL, Data, Data, UInt64)

Parameters

  • completionHandler:

    A block that GameKit calls when the request completes.

    The block receives the following parameters:

    publicKeyURL

    The URL for the public encryption key.

    signature

    The verification signature data that GameKit generates.

    salt

    A random NSString that GameKit uses to compute the hash and randomize it.

    timestamp

    The signature’s creation date and time.

    error

    If an error occurs, this parameter holds an error object that explains the error. Otherwise, the value of this parameter is nil.

Mentioned in

Discussion

Use this method when you need to authenticate with your server. To generate a signature for your authentication server, you perform steps in the game and pass data to the server, which completes the process.

In your game, follow these steps:

  1. Call the fetchItems(forIdentityVerificationSignature:) method.

  2. Send the completion handler publicKeyURL, signature, salt, and timestamp parameters to your authentication server.

  3. Share the teamPlayerID and the bundle ID (see CFBundleIdentifier) with the server. For Apple Arcade games, share the gamePlayerID instead of the teamPlayerID.

On the server, perform these steps:

  1. To mitigate replay attacks, make sure the timestamp parameter is recent, and to avoid high network overhead, respect the cache expiration headers.

  2. Download the public key using the publicKeyURL parameter.

  3. Verify with the appropriate signing authority that Apple signed the public key.

  4. Concatenate the following information into a data buffer in this order: the teamPlayerID (or gamePlayerID for Apple Arcade) property in UTF-8 format, the bundle ID in UTF-8 format, the timestamp parameter in big-endian UInt64 format, and the salt parameter.

  5. Use the public key to verify the signature of the concatenated data buffer using the RSASSA-PKCS1-v1_5 algorithm.

If the generated and retrieved signatures match, GameKit authenticates the local player.

See Also

Authenticating the Local Player