Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Authentication
See original GitHub issueAs of now Colyseus does not have any authentication step in built, so Marie can be Marie but is actually Jake! Lets make sure that Jake can’t be Marie.
My proposal is as follows and assumes TLS
- Upon initial connection the server sends a
request_authorizationevent. Which has a nonce and a state. - Upon receiving the
request_authorizationthe client fetches a JWT using an IdP and sends this JWT backauthorizationas the first event with the payload as a JWT. - The server validates the token
- If the token is invalid or
nonce/statefailure occurs the server emits anauthorization_errorevent and must close the connection immediately. - If the token is valid the server sends
authenticatedevent and continues to initialize the client.
- If the token is invalid or
This will work just fine with #48 in future as any transport mechanism can implement this as the primary means of upgrading the connection.
The Token structure is tbd we need to consider what the user will be able to do (privileged access, etc, before we find the optimal token structure)
This flow does not account for IdP initiated flow. However, the match-making can still be moved to the identity provider which will resolve #43
Issue Analytics
- State:
- Created 6 years ago
- Reactions:1
- Comments:6 (3 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
LGTM
Finally an initial implementation of this! https://github.com/gamestdio/colyseus/wiki/Authentication
Feel free to re-open if you feel something is missing. Thanks, @darkyen!