Skip to main content

Validate a user token

Last updated on October 24, 2023

Customization is not available on AGS Starter tier yet. It's coming soon!


When writing your custom service involving AccelByte Gaming Services (AGS), you may be required to validate a user token before performing any actions. This can be achieved using the validate token function in the AccelByte Extend SDK.

There are two methods of token validation in the AccelByte Extend SDK: remote and local. With the remote token validation, an AGS endpoint will be called every time token validation is requested. However, with the local token validation, the token is validated against JWKS and the revocation list locally cached by the AccelByte Extend SDK. The difference between these two methods is the local token validation may be faster than the remote token validation, but it is possible to get a false result until the revocation list cached locally is refreshed. By default, the remote token validation is used.

The AccelByte Extend SDK is available in multiple programming languages. Here we will show you how to validate a user token using the Go Extend SDK, with the remote token validation.


In this guide you will:

  • Import the Validator Package
  • Validate a user token using the Go Extend SDK


In order to start on this guide, you should have:

  • Installed Go 1.16 or later

  • Gained access to the AGS demo environment:

    • Use for the AB_BASE_URL environment variable.
    • Follow the steps in the Create an OAuth Client guide using a confidential client type. Use the Client ID and Client Secret for AB_CLIENT_ID and AB_CLIENT_SECRET environment variables respectively.
  • You must have added the Go Extend SDK as your project dependency. See Getting Started with the Extend SDK for more details.

    1. Import the Validator Package, and validate a user token

      Add the following in your import section.

      import (
    2. Validate a user token using the Go Extend SDK

      Initialize the token validator, and validate the user token using the Validate function.

      tokenValidator := validator.NewTokenValidator(authService, time.Hour)

      err = tokenValidator.Validate(accessToken, &requiredPermission, &namespace, nil)

Next steps


  • For more advanced usage of the Go Extend SDK, see the README.