Using Scout, you can verify your user's ownership of a specific persona (for example, an Xbox Live account) using our verification flow. In order to complete this flow, a user only has to follow the verification steps for one or more of the platforms specified by your application. The user is not required to have a Scout account, though we may ask them if they want to create one before sending them back to your application.
Verification starts with your application directing the user to Scout's verification flow. If you're using the Scout SDK, we can build the verification flow URL and/or UI for you. An example of how to do this follows.
Note that it is safe to build the verification flow URL in a client-side app.
- Native SDK (iOS)
- Native SDK (Android)
The user will then complete the verification process on Scout. Once they are sent back, your application is ready to validate the verification.
Validating the response
In order to validate the response from Scout (to confirm the user isn't trying to trick
your app), your app must validate the returned token using your app's secret key. The
token is a JSON Web Token and is returned as the
parameter on your return URL. Because your app's secret key is required, validation must
happen on a secure server, not in client code.
Note: Validation of the returned token is ESSENTIAL as tokens are easily forged. Validation CANNOT be done on the client side at this time.
Below are examples of how you can validate a validation token.