Skip to main content

Authentication Flow

1. Initial Connection

  1. token (launchUrlToken) is retrieved from URL
  2. X-Player-Token header is used for REST API requests
  3. launch_url_token query parameter is sent when establishing WebSocket connection

2. In-Game Token

  1. When WebSocket connection is established, server sends Token message
  2. Token and refreshToken are saved to localStorage by AuthManager
  3. This token is used in subsequent WebSocket messages

3. Token Refresh

  1. shouldRefreshToken returns true 15 minutes before token expires
  2. refreshToken field is added to WebSocket messages
  3. Server sends new token