steam id

[Rick]

Is there a steam ID we're able to get to uniquely ID people? I assume there is but how is it promised to be the currently logged in Steam user instead of someone spoofing it? There are multiplayer games through Steam that don't require a logon and I'm curious how that process works and if we have access to it in our own system?

[gamecreator]

Not sure if you're a Steam partner but there's some relevant reading here: https://partner.steamgames.com/doc/features/auth

I think the short story is that Steam tries in several ways (between authentication and VAC bans as deterrent) but you can always hack something with enough time/skill/information so just do the best you can and don't worry about the rest.

Oh, and SteamUser()->GetSteamID() is the specific command to get the unique ID.

[Rick]

Quote

 

Session Tickets and the Steamworks Web API

User Authentication

The following steps detail how to use Session Tickets to verify a user's identity between the user's game client and a secure server:

• The client must retrieve a session ticket by calling ISteamUser::GetAuthSessionTicket.
• To guarantee a valid ticket, the client must wait for the ISteamUser::GetAuthSessionTicketResponse_t callback.
• The client must send its session ticket to the secure server.
• The secure server must make an HTTPS request to api.steampowered.com and call the ISteamUserAuth/AuthenticateUserTicket web method, passing the user's session ticket as a hex encoded UTF-8 string. Please note that this method requires a Web API Publisher Key that is associated with the AppID for the provided ticket.
• If the user's ticket is valid, then ISteamUserAuth/AuthenticateUserTicket will return the user's 64-bit SteamID.

Ownership Verification

Once a user's identity has been verified, a secure server can use the ISteamUser/CheckAppOwnership Web API method to check if the user owns a particular AppID, or call ISteamUser/GetPublisherAppOwnership to retrieve a list of all user owned AppIDs that are associated with the provided Publisher Key.

 

 

Are we able to call GetAuthSessionTicket() from LE (lua)? I don't see any docs about it but this looks like where the process needs to start. I can then send the session ticket to my server to call the API on and validate the user.