6.0 The Authentication Token

The authentication token passed to the game is a JWT (Json Web Token, for more info https://jwt.io/). This JWT is a RS256 signed token that contains the player’s authentication information including their Gala userId and basic profile. This token has been signed with Gala Games Private Key and thus can be validated by anyone possessing the Gala Games Public Key to ensure it has not been tampered with and truly originated from Gala Games.

When a game is launched by the Gala Games launcher, the authentication JWT is passed as an argument and contains the launching user’s ID.** **

It is absolutely necessary to always validate the token using the corresponding Gala Games Public Key.