Authentication fails with Invalid Token

The last week the auth sdk was working fine.
Today I let my editor active and returend to my pc 3-4 hours later.
When I hit play i get:

[Authentication]: Request completed with error: {"title":"INVALID_SESSION_TOKEN","detail":"The session token is not valid.","details":[],"status":401}

UnityEngine.Logger:LogWarning (string,object)
Unity.Services.Authentication.Utilities.Logger:LogWarning (object) (at Library/PackageCache/com.unity.services.authentication@1.0.0-pre.37/Runtime/Utilities/Logger.cs:16)
Unity.Services.Authentication.Utilities.WebRequest:RequestCompleted (System.Threading.Tasks.TaskCompletionSource`1<string>,long,bool,bool,string,string,System.Collections.Generic.IDictionary`2<string, string>) (at Library/PackageCache/com.unity.services.authentication@1.0.0-pre.37/Runtime/Utilities/WebRequest.cs:209)

When I restart the editor the issue persists.
Now I wonder if this is something that could also happen to a client of the final app. (customer)

Hi David,

The session token you when logging in is a quick way of logging back in for a user. Each time you log in, it is replaced. Only the most recently issued session token will work for a user. It's most commonly relied on for anonymous logins, which otherwise have no mechanism for logging back in.

If you DM me the userID from the authentication service, I can speak to the engineers on Monday to get some specifics about what happened.

In this case where the session token is lost, and there's no linked login provider, you'd need to instruct your code to direct the user to a login flow, which if you're only using anonymous login means a new user account.

To avoid situations where the session token is the only way the user logs in, we encourage the linking of a login provider to the player's account. Once that's present, even if the user wipes their device and starts over, the account can still be accessed.

Does that clear everything up?

1 Like

unity_Ctri

yes thanks. So we are still in development nothing is live yet. My user ID I can send you.
For now we only use anonymous and I would like this one to work withouth issues aswell for those players that never link.

Does it maybe occure because I have the sign-In in a singleton which is "DontDestroyOnLoad"?
The user persisted even when hitting play mode again and again.
And theoratically recal await SignInAnonymously(); every time.
But it didnt seem to create a new one.

So is there a way to check if I currently already have a session token and check if its still valid? (or should i try catch it?)
How ever this still leaves me with the questio what to do with an invalid token when SignInAnonymoulsy does not overwrite it.

sent a pm!
(restarting the pc does not fix that issue)
Just information for others in future:
I use a singletone with dont destroy on load which maybe particpates to this issue.

Hello,

The singleton should not be an issue.

Can you provide the version of Authentication SDK used, your cloud project id and your session token if possible?

Authentication SDK version can be found in your package manifest in your unity project (Packages/manifest.json)

Cloud Project Id can be found in your ProjectSettings file under cloudProjectId. (ProjectSettings/ProjectSettings.asset)

The session token can be found in the PlayerPrefs, the location differs depending on which platform you are on.
https://docs.unity3d.com/ScriptReference/PlayerPrefs.html

Hi Erick,

thanks for looking into this issue:

"com.unity.services.cloudcode": "1.0.0-pre.6",
"com.unity.services.authentication": "1.0.0-pre.37",
"com.unity.services.cloudsave": "1.0.0-pre.3"

cloudProjectId: abfb5932-efea-4a54-814b-6c42e1b95645

Session Id i can find via registry

abfb5932-efea-4a54-814b-6c42e1b95645.default.unity.services.authentication.session_token_h3622902611

@[erickboulay
](https://forum.unity.com/members/erickboulay.8035148/)
Any news on that issue?
I still have auth commented out in our code as it still has the issue with the corrupted session token.
// await SignInAnonymously();

Hey,

Sorry for the delay for the reply,
There is another piece of information that would be useful for us if you can provide it to us.

Essentially, the session token key you provided is used to get the session token value in the player prefs, if you could provide us that value, it would be very useful.

You could get it like this:
Debug.Log(PlayerPrefs.GetString("abfb5932-efea-4a54-814b-6c42e1b95645.default.unity.services.authentication.session_token_h3622902611"));

We are still looking into a few possible solutions for the backend to ensure this doesn't happen - this may take a bit more time.

In the meantime, the best solution is to clear the session token (AuthenticationService.Instance.ClearSessionToken) when you get the error 'INVALID_SESSION_TOKEN'.
This will be done automatically in the next version of the Authentication SDK.

1 Like

Thanks
here the output of the debug.log

JM8VbT6bG1sGwJtekfebpRTiSv-aJdsQNE29y8A7ucamI6xN4yVTnQk8rSKehqDUwQHD14tpt8oIHJwYpBgZC0lUGTZNXM-Y0EXh3RRR10wH_nzW81Dyv1nJ1SS2ChtMJ2b53vB7Z0sCPXUI93ui3oNaSnWlAi7yGNp5LFcNh9A.GIhBBUCzyd8hHNs-wKWeLZyKifJsAhJAxLtt7BtZp8I

@erickboulay
(AuthenticationService.Instance.ClearSessionToken)
worked

yeah I realized that anonym users are refered as their session token.
So everytime I get a new session token the data is not longer coupled to the player, which has not changed his device.

Session token 1:
7oBGbe6Wys2BBokd6AwuTLbOrwMl

Session token2:
GkNbHbIi6aMX5CW3WLOH7F8VNWGB

Etc

The expected behaviour would be:
Use an Id that is couple with the device ID. So even if a new session has to be created that user still has access to his data aslong he uses the same device.

Hey,

Thanks for providing the information, it's really helpful and we're digging into the problem now.

Let me reassure you that this is not the intended behavior, you should always get the same player when using anonymous/session token login and you shouldn't need to worry about the token logic. This is high priority and we will fix this as soon as we can.

1 Like

Thank you

Hello, I ave exactly the same issue in the player while testing (when testing on devices it works). What is the procedure to have the player authenticating again ?

Hello,

You just to clear your session token.
You can do this by using AuthenticationService.Instance.ClearSessionToken or clearing your player prefs.

You can find information on where the PlayerPrefs are saved here:
https://docs.unity3d.com/ScriptReference/PlayerPrefs.html

1 Like

Thank you very much. It worked nicely (actually clearing the playerprefs didn't, but the clearing the token in code worked). As you mentioned at the beginning this token is supposed to be reinitialized at each start, is it good practice to keep AuthenticationService.Instance.ClearSessionToken in the code to be executed each time and force the reinitialization of the token in case it's blocked ?

Hello,

You should not clear this token as it is used by anonymous login to access the account you were previously signed in to.
Clearing the session token is only needed when you get the INVALID_SESSION_TOKEN error specifically.

However, this error should no longer occur for new tokens in you receive in the future.
If it happens to you again, please report it to us.

Ok, thank you very much.

Hi all, I know this is an old thread but facing the same issue in my game implementation. When i use SignInAnonymouslyAsync() and hit play the user get logged in successfully, but when stop the game and start it again it creates a new user and the old access token gets empty. i am using the below sample code for anonymous login.

using System.Collections;
using System.Collections.Generic;
using System.Threading.Tasks;
using Unity.Services.Authentication;
using Unity.Services.Core;
using UnityEngine;

public class Authentication : MonoBehaviour
{
    internal async Task Awake()
    {
        await UnityServices.InitializeAsync();
        await SignInAnonymously();
    }

    private async Task SignInAnonymously()
    {
        Debug.Log(AuthenticationService.Instance.AccessToken);
        AuthenticationService.Instance.SignedIn += () =>
        {
            var playerId = AuthenticationService.Instance.PlayerId;

            Debug.Log("Signed in as: " + playerId);
        };
        AuthenticationService.Instance.SignInFailed += s =>
        {
                // Take some action here...
                Debug.Log(s);
        };

        await AuthenticationService.Instance.SignInAnonymouslyAsync();
    }
}
}

Hi @erickb_unity , I get this error when I try re-login after logout: Unity.Services.Authentication.AuthenticationException: unable to validate token ---> Unity.Services.Authentication.WebRequestException: {"title":"PERMISSION_DENIED","detail":"unable to validate token","details":[ ],"status":401}. Help me fix this please