Could you not create your own api at this stage to confirm the devices? Get them to use someones UUID + your seed in order to create a unique identifier with the api and send hello packets every so often to see if the user is alive. What boggs me is its a GTA V issue why is valve suddenly fucking with that code, pockets of rockstar must be quite deep to have such influence over a gaming platform.
Holy,
this actually is a huge problem for servers. Like we do use steam identifier for almost everything. Why? Because itâs simply the best.
Everyone have steam and all you have to do is just log into it. Then you play on whatever device you want.
What identifier should we use now? Creating own auth system on server would not solve this, because we need to do auth even before users connects - for queue etc.
I really hope FiveM team will find some good solution to that - like if servers could do itâs auth before players connect? When they join que?
Or like someone already said, why does not FiveM with 50k players online have itâs own place on Steam?
What unique value are you using to check against this registration?
You canât manually input anything at the point you connect to the server so you can only make do with what is provided; and in that sense that is really only the identifiers.
PepeHands. It was good knowing you all
Quick fix: Write a stupid little $1 game and sell it on steam. Get appID, use it in FiveM as well. 
Before anyone bashes me⌠I know, they canât do that, but it was fun to say.
I love everyone whining about this. ermergurd steem is de only authentication methodz we can use omagawd
psa
everyone on fivem has a rockstar license
use it
2 Likes
I can change identifier to license ?
Youâre not supposed to use a combination since identifiers might not be present on the same user (e.g. people not running a gaming client, while other high-trust/low-variance identifiers are still present), youâre supposed to use an IN-type match on whatever identifiers youâre given, and store all user identifiers that are considered low-variance at any time a given user is playing.
Identifiers may appear or disappear at any time, be in any order, and have any prefix - assuming that thereâs a fixed number, or only one kind of low-variance identifier, or that prefixes will always be present is incorrect: they should just be used as an opaque link.
Itâs a core component for project integrity, since pretty much every system depends on âownership ticketsâ and licenses are just a SHA256 hash of the linked identity in identifier format these are generally deterministic assuming people authenticate with the exact same identity.
Steam is not set for ~10% of players (but this is a biased set since 80%+ of servers require Steam to be set), Discord is not set for ~30% of players, Live is not set for ~50% of players and XBL is not set for ~60% of players.
A quick table of global server connections from a sample period of a bit below 24 hours:
| Identifier type | Prevalence |
|---|---|
| xbl | 63723 (40.6%) |
| live | 79601 (50.7%) |
| discord | 116414 (74.2%) |
| steam | 142853 (91.1%) |
| license | 156889 (100%) |
| Total in sample | 156889 (100%) |
While Steam has a higher prevalence than other 3rd party identity providers, as above this bias is explained by Steam being mandated by a fairly large amount of servers currently. It should also be noted that the overlay in percentages is not necessarily a subset of other identifier types - someone might very well have only live and license identifiers.
Footnote: Interestingly, out of the 14036 users in the sample that donât use Steam, 4169 have Discord, Live and XBL identifiers, and 9452 have a Discord identifier. Even now, if you only rely on Steam, youâre excluding 6% of users that could have been supported with zero effort if only youâd consider Discord a valid identifier, leading to an amount of only 1.5% of users who only have a license and would be rejected, as opposed to ~9% by only using Steam.
3 Likes
Nowhere did we ever mention âusing multiple identifiersâ, only âdonât rely on one identifier type always existingâ. You might be conflating an official stance with that of an external moderator above.
There are no âidentifiers which constantly changeâ other than the ip identifier, as all identifiers other than ip are graded for low variance. If you can reproducibly show e.g. the license identifier changing without the end user intentionally doing something in order to alter it, maybe youâd have a point - but with the way the license identifier is implemented, it canât change without the end user using a different account to validate their game copy.
Try it - validate your game using Steam, hash the owning accountâs steam: identifier using SHA256, and compare that to the license identifier; this should effectively match. The same goes for ROS validation and usersâ Rockstar account IDs.
Yet - you can sign in to a different account, either on purpose or by accident. Similarly, by the same logic youâre using, you canât change your Rockstar account ID nor the license-owning SteamID, so license is also a âreal static identifierâ, and youâre contradicting yourself.
1 Like
Given the inherent nature of this project and the concept of external identifiers being against large corporationsâ interests, you never know - however license is the most solid of all identifier types so far since the same backing services have to be kept running in order for legitimate game copies to work at all.
The discord identifier should work fine since recent patches to the CnL backend that fixed some incorrect usage of HTTP client instances. With a 74.2% prevalence without any direct push by servers to mandate it, it is a very decent identifier type to use as an account-based fallback - so it makes even less sense to only use Steam even if Valve doesnât end up permanently breaking it.
The same way you always shouldâve done: adding a message with âask the server owner to whitelist identifier [IDENTIFIER HERE]â in your whitelist rejection message so the user can just select and copy their identifier, and the server owner can just paste it in.
The original FiveM whitelist example code did this, if you/other people writing whitelist systems didnât adopt this itâs on you guys for not doing so.
2 Likes
Metrics above show license is the âbestâ, however.
Around 10% of people donât have Steam. License identifiers also work across devices, and if you want an external sign-in, Discord identifiers tend to work though might break when Discord decides to remove the overlay API we use to auto-provision an approved app.
⌠what? âUUIDsâ are not a thing that get assigned to a user at all automatically by any system, what?
Unrelatedly, itâs been a todo item for a brief while to support interactive cards during connection.
Exactly.
If only. 
AHAHAHAH
Thatâs actually a really good point/idea that I never thought of making mine. Iâm gonna make a push to those tonight
iâve encountered many times players with same social club account bought in stores⌠letâs say not official⌠the problem is that using steam e license we always had a way to check that whoâs connecting is an unique player, using only 1 identifier like social club might generate a problem of homonymy and if more than one player connects with same social club how can we check if that player is different? you might say check their name, and if they use the same name?
To my knowledge licenses are per game copy bought, not from the account. Maybe the script your using is not collecting licenses properly
nono i asked players with actual sam license and they told me they bought those modded accounts from⌠(i hate to say it because iâm not racist) russian sites
and all of them with same license told me the same thing⌠bought a modded account and they had all the same license (esx got mad and didnât make their char to load)
i would be careful with stating it like that, because if you say it like that, that certainly means licenses do change. Use the same sc account on a different game copy and you have a different license. which should not be the case.
iâll post some stealable code with database tables later, for an id system, i guess.
Does VRP have the same issue?
If I remember correctly, and you should know the definite answer to this as a vRP user, vRP also uses Steam identifiers as a primary identifier. So yes, this also affects vRP.
It practically affects 91% of the playerbase if one would go by the statistics given by seaborgium.
So thatâs an issue with the accounts themselves being sold multiple times. One should never buy illegally obtained accounts as the risks associated with them are, as you can see, prevalent.
Can you register more than one GTA V copy on the same SC account? If so, thatâs very surprising to me that R* wants to associate a registered account with more than one serial key.
My overall stance on this is that everyone should start migrating to the use of the license identifier. Iâve never seen mine change across multiple machines, so it definitely is unique. You would also not shut out those players that donât have Steam or accidently didnât start Steam. One should rely on third-parties as little as possible and considering that the FiveM auth services themselves rely on the SC API, the license identifier is the most stable option by far.
For major frameworks like ESX, vRP, and essentialmode this will take some time to adopt changes, but Iâm certain with the warning that was given here ahead of time the maintainers of these frameworks have a great opportunity to make them more inclusive.
I am not certain if it is possible, but at least you can have console and pc versions tied to the same account.
But steam and sc is usually tied together, so if you buy another gta5 on a different steam account, but then use the same sc account, what stops you? I donât think R* would stop you from spending money on them.
Also what i wrote was a thought construct on what FAXES wrote.