Instance Method

generateIdentityVerificationSignature(completionHandler:)

Generates a signature that allows a third party server to authenticate the local player.

Declaration

func generateIdentityVerificationSignature(completionHandler: ((URL?, Data?, Data?, UInt64, Error?) -> Void)? = nil)

Parameters

completionHandler

A block to be called when the request completes.

The block receives the following parameters:

publicKeyUrl

The URL for the public encryption key.

signature

The verification signature data generated.

salt

A random NSString used to compute the hash and keep it randomized.

timestamp

The date and time that the signature was created.

error

If an error occurred, this parameter holds an error object that explains the error. Otherwise, the value of this parameter is nil.

Discussion

When this method is called, it creates a new background task to handle the request. The method then returns control to your game. Later, when the task is complete, Game Kit calls your completion handler. The completion handler is always called on the main thread.

Invoke this method to verify the identity of the local player. Use the following steps to generate a signature on your server:

  1. Call [GKLocalPlayer generateIdentityVerificationSignatureWithCompletionHandler] in your app.

  2. Send the publicKeyURL, signature, salt, and timestamp parameters to the third party server used for authentication.

  3. Use the publicKeyURL on the third party server to download the public key.

  4. Verify with the appropriate signing authority that the public key is signed by Apple.

  5. Retrieve the player’s playerID and bundleID.

  6. Concatenate into a data buffer the following information, in the order listed:

    • The playerID parameter in UTF-8 format

    • The bundleID parameter in UTF-8 format

    • The timestamp parameter in Big-Endian UInt-64 format

    • The salt parameter

  7. Generate a SHA-256 hash value for the buffer.

  8. Using the public key downloaded in step 3, verify that the hash value generated in step 7 matches the signature parameter provided by the API.

If the generated and retrieved signatures match, the local player has been authenticated.