Log in to Groovestats and retrieve API key within launcher client #7
Comments
|
That would imply typing in my password in the launcher, which I'd rather not do. If this is implemented, I'd like to keep the current flow as an option as well. =)
…-------- Original Message --------
On May 28, 2021, 13:07, rogerclark wrote:
The login flow could be simplified by making the login request in the launcher, retrieving the API key token from the request, and saving it locally.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, [view it on GitHub](#7), or [unsubscribe](https://github.com/notifications/unsubscribe-auth/AAFMSZDH6ZJ5WIPW2E7UOXLTP7EUZANCNFSM45XCNLSA).
|
|
Why would you be okay with typing your password into the GrooveStats website but not an application vended by GrooveStats? |
|
I can more easily check that I'm on the right website than verify that the binary I'm launching has not been tampered with, and I trust my browser to do the transaction securely more than I trust the launcher. ^^
Mind you, if the password isn't stored beyond the request made to fetch the API key, I can always do that binary verification (with a hash or something) once at that time, so it's not that much of an issue. I can always fill it in myself outside of the launcher, even.
On another note, this makes me realize that the launcher is global to the whole StepMania app while the API key is specific to a certain local profile. To be able to fetch the API key from the launcher, the latter would have to also fetch the local profiles and provide a way for the user to specify which one should use the newly fetched API key - perhaps through a dropdown menu or something.
…-------- Original Message --------
On May 28, 2021, 13:32, rogerclark wrote:
Why would you be okay with typing it into the GrooveStats website but not an application vended by GrooveStats?
—
You are receiving this because you commented.
Reply to this email directly, [view it on GitHub](#7 (comment)), or [unsubscribe](https://github.com/notifications/unsubscribe-auth/AAFMSZAHHXCBSNKVQMDPBK3TP7HSFANCNFSM45XCNLSA).
|
|
I feel like one of the goals of the launcher is to have minimum interaction with it once the game is launched. It won't have knowledge of which profile to attach that API key to as the launcher is player agnostic. I do have thoughts on how to solve this issue though. E.g. Login methods from straight within the theme (using a QR code to sign in from your phone which can then relay the info back to your machine). |
|
Yeah, I pitched the QR stuff a while back; other games (Neon FM for example) have done similar things in the past. The current method was just the simplest to spin up in the timeframe we wanted to hit. I think we're all interested in simplifying the process in the future. |
The login flow could be simplified by making the login request in the launcher, retrieving the API key token from the request, and saving it locally.
The text was updated successfully, but these errors were encountered: