Server-side verification #28

Open
mikecann opened this issue Feb 21, 2024 · 1 comment

Comments

@mikecann

Hi, thanks for creating this plugin.

The issue is that the data that signIn returns is only very basic (player_name, player_id) and doesn't contain enough information to be able to do server-side validation of this user. This is an issue as we cannot simply trust the ID that the client sends to the server.

For iOS I notice this code: https://github.com/openforge/capacitor-game-connect/blob/main/ios/Plugin/CapacitorGameConnect.swift#L16

And looking up the docs: https://developer.apple.com/documentation/gamekit/gklocalplayer I can see that there is a bunch of stuff that is omitted that would allow us to do the server-side validation.

May I ask why it has been omitted and if it is possible to add it?

@mikecann

I just had a thought.

Is the "player_id" returned from the signIn unique per app? That is, if the same user logs into AppA and AppB, will signIn return two different ids?

If this is the case then we could effectively treat the "player_id" as a secret token (so long as we don't publicly expose it) as it is not guessable.

Thoughts?
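
Added example (not part of the issue thread or the plugin's code): the server-side check Apple documents for the GameKit identity verification signature, which is the kind of data the first comment says signIn does not return. It assumes the client forwards `signature`, `salt` and `timestamp` alongside the player ID; a locally generated RSA key stands in for the key in Apple's certificate, and the function names, bundle ID, freshness window and sample player ID are hypothetical.

```javascript
const crypto = require("node:crypto");

// Bytes covered by the signature, per Apple's GameKit documentation:
// playerID (UTF-8) || bundleID (UTF-8) || timestamp (big-endian uint64) || salt
function buildSignedPayload(playerId, bundleId, timestampMs, salt) {
  const ts = Buffer.alloc(8);
  ts.writeBigUInt64BE(BigInt(timestampMs));
  return Buffer.concat([
    Buffer.from(playerId, "utf8"),
    Buffer.from(bundleId, "utf8"),
    ts,
    salt,
  ]);
}

// Returns true only when the signature covers this player ID, this server's
// own bundle ID and a recent timestamp. In production `publicKey` comes from
// the certificate served at publicKeyURL, after checking that the URL is an
// Apple host and the certificate chains to Apple; that step is left out so
// the example runs offline. The 5-minute window is an assumption.
function verifyGameCenterIdentity(claim, publicKey, bundleId, nowMs,
                                  maxAgeMs = 5 * 60 * 1000) {
  if (Math.abs(nowMs - claim.timestampMs) > maxAgeMs) return false; // stale or replayed
  // The bundle ID is the server's configured value, never one sent by the client.
  const payload = buildSignedPayload(claim.playerId, bundleId,
                                     claim.timestampMs, claim.salt);
  return crypto.verify("sha256", payload, publicKey, claim.signature);
}

// Constructed sample data: a throwaway key pair plays the role of Apple's key.
const { publicKey, privateKey } =
  crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const BUNDLE_ID = "com.example.game"; // hypothetical bundle ID

function makeSampleClaim(playerId, timestampMs) {
  const salt = crypto.randomBytes(8);
  const payload = buildSignedPayload(playerId, BUNDLE_ID, timestampMs, salt);
  const signature = crypto.sign("sha256", payload, privateKey);
  return { playerId, timestampMs, salt, signature };
}

const now = Date.now();
const claim = makeSampleClaim("G:1234567890", now - 1000); // constructed player ID
console.log("genuine claim:", verifyGameCenterIdentity(claim, publicKey, BUNDLE_ID, now));
console.log("swapped player ID:",
  verifyGameCenterIdentity({ ...claim, playerId: "G:9999999999" }, publicKey, BUNDLE_ID, now));
```
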
