docs(readme): update token validation info

AccelByte · Feb 10, 2024 · 0015bbf · 0015bbf
1 parent 82d5bd9
commit 0015bbf
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 9 deletions.
diff --git a/.env.template b/.env.template
@@ -1,5 +1,5 @@
-AB_BASE_URL=https://demo.accelbyte.io
+AB_BASE_URL=https://test.accelbyte.io
 AB_NAMESPACE=accelbyte
 AB_CLIENT_ID=
 AB_CLIENT_SECRET=
-PLUGIN_GRPC_SERVER_AUTH_ENABLED=false
+PLUGIN_GRPC_SERVER_AUTH_ENABLED=true
diff --git a/README.md b/README.md
@@ -67,17 +67,16 @@ flow properly when the app is deployed.
 2. Fill in the required environment variables in `.env` file as shown below.
 
    ```
-   AB_BASE_URL=https://demo.accelbyte.io     # Base URL of AccelByte Gaming Services environment
+   AB_BASE_URL=https://test.accelbyte.io     # Base URL of AccelByte Gaming Services environment
    AB_CLIENT_ID='xxxxxxxxxx'                 # Client ID from the Prerequisites section
    AB_CLIENT_SECRET='xxxxxxxxxx'             # Client Secret from the Prerequisites section
    AB_NAMESPACE='xxxxxxxxxx'                 # Namespace ID from the Prerequisites section
-   PLUGIN_GRPC_SERVER_AUTH_ENABLED=false     # Enable or disable access token and permission verification
+   PLUGIN_GRPC_SERVER_AUTH_ENABLED=false     # Enable or disable access token validation
    ```
 
-   > :warning: **Keep PLUGIN_GRPC_SERVER_AUTH_ENABLED=false for now**: It is currently not
-   supported by `AccelByte Gaming Services`, but it will be enabled later on to improve security. If it is
-   enabled, the gRPC server will reject any calls from gRPC clients without proper authorization
-   metadata.
+   > :info: **In this sample app, PLUGIN_GRPC_SERVER_AUTH_ENABLED is `true` by default**: If it is set to `false`, the 
+   `gRPC server` can be invoked without `AccelByte Gaming Services` access token. This option is provided for development 
+   purpose only. It is recommended to enable `gRPC server` access token validation in production environment.
 
 ## Building
 
@@ -99,6 +98,9 @@ docker compose up --build
 
 ### Test in Local Development Environment
 
+> :warning: **To perform the following, make sure PLUGIN_GRPC_SERVER_AUTH_ENABLED is set to `false`**: Otherwise,
+the gRPC request will be rejected by the `gRPC server`.
+
 The custom functions in this sample app can be tested locally using [postman](https://www.postman.com/).
 
 1. Run this `gRPC server` sample app by using the command below.
@@ -220,7 +222,7 @@ and `Client Secret` created in the previous step. Pay attention to sample `gRPC
 `gRPC Server` methods should get called.
 
    ```
-   export AB_BASE_URL='https://demo.accelbyte.io'
+   export AB_BASE_URL='https://test.accelbyte.io'
    export AB_CLIENT_ID='xxxxxxxxxx'         # Use Client ID from the previous step
    export AB_CLIENT_SECRET='xxxxxxxxxx'     # Use Client Secret from the previous step    
    export AB_NAMESPACE='accelbyte'          # Use your Namespace ID