Authentication

GFN uses JWT-based authentication for both client-server communication and inter-service authentication on the rig.

Client Authentication

JWT Token

From vendor_beautified.js:

javascript

// JWT token injection into WebRTC/streaming requests
case 1: st("GFNJWT ", token)   // Prepends "GFNJWT " to token
authTokenCallback()             // Callback for token refresh

The GFNJWT prefix distinguishes GFN tokens from other auth schemes.

IPC Bridge Commands

SET_AUTH_INFO    ← Full authentication info object
SET_AUTH_TOKEN   ← JWT token string

LOFN Key

The LofnKeyInfoDef protobuf and lofnDataSendTimeoutMs suggest an encryption key exchange mechanism (LOFN = likely "Local On-Rig Negotiation"):

json

{
  "GcisConnector": {
    "lofnDataSendTimeoutMs": 3000
  }
}

Server-Side Authentication

Provision Manager (PM) Auth

PM communication uses mutual TLS:

json

{
  "PMConnector": {
    "authEnabled": true,
    "nonceLengthBytes": 16,
    "crlCacheTimeMin": 720,
    "cipherList": "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:..."
  }
}

Server certificate requirements:

CN: pm.np-ams-06.svc.cluster.local
Issuer: GFN PM - API Server Zone NP-AMS-06 CA 02

GSG (Game Seat Gateway) Auth

API key-based authentication, refreshed every 5 minutes:

json

{
  "GSGConnector": {
    "apiKeyRefreshPeriodSec": 300
  }
}

Auth Info Protobuf

AuthInfoDef covers:

Authentication protocol types
Error codes for auth failures
Token validation states

AuthorizationInfoDef covers:

User authorization time limits
Storage authorization
User identity data

Entitlement Codes

From AuthInfoDef and EntitlementInfoDef:

Code	Description
`INVALID__AUTHENTICATION_MALFORMED_STATUS`	Malformed auth token
`INVALID__AUTHENTICATION_NOT_FOUND_STATUS`	Auth not found
`INVALID__AUTHENTICATION_EXPIRED_STATUS`	Token expired
`INVALID__AUTHENTICATION_CREDENTIALS_STATUS`	Bad credentials
`INVALID__AUTHENTICATION_UNKNOWN_TOKEN_STATUS`	Unknown token type
`INVALID__AUTHENTICATION_EMAIL_NOT_VERIFIED_STATUS`	Email unverified
`INVALID__AUTHENTICATION_UNSUPPORTED_PROTOCOL_STATUS`	Unsupported protocol
`AUTH__FAILURE_STATUS`	Generic auth failure
`ENTITLEMENT__FAILURE_STATUS`	Entitlement check failed
`EULA__UNACCEPTED_STATUS`	EULA not accepted

Steam Authentication

Steam sessions use dedicated protobuf types:

SteamSessionDef — Steam session with launch parameters
SteamTokenFilesSessionDef — Steam auth token files for login

Steam-specific error codes:

Code	Description
`STEAM__GUARD_REQUIRED_STATUS`	Steam Guard 2FA required
`STEAM__GUARD_INVALID_STATUS`	Invalid Steam Guard code
`STEAM__LOGIN_REQUIRED_STATUS`	Steam login required
`STEAM__PROFILE_PRIVATE_STATUS`	Steam profile is private

UEK (User Encryption Key)

UEK__RETRIEVAL_FAILED

The User Encryption Key is used for encrypting user save data in cloud storage. If retrieval fails, cloud saves may be unavailable.

Authentication ​

Client Authentication ​

JWT Token ​

IPC Bridge Commands ​

LOFN Key ​

Server-Side Authentication ​

Provision Manager (PM) Auth ​

GSG (Game Seat Gateway) Auth ​

Auth Info Protobuf ​

Entitlement Codes ​

Steam Authentication ​

UEK (User Encryption Key) ​

Authentication

Client Authentication

JWT Token

IPC Bridge Commands

LOFN Key

Server-Side Authentication

Provision Manager (PM) Auth

GSG (Game Seat Gateway) Auth

Auth Info Protobuf

Entitlement Codes

Steam Authentication

UEK (User Encryption Key)