Custom Authentication Flow
Options
Hi,
I'm a desktop application developer rather than a web developer, so I'm muddling through this. Thanks for your patience
My understanding of the authentication flow is something like this:
1. User signs up to my website, with a username and password (let's ignore OAuth2 for now)
2. User fires up my unity application
3. User provides username and password to unity application
4. My website sends them a token that they can use
5. Unity application sends requests to PhotonServer with their username and the token I provided
6. PhotonServer queries my website to see if the token is acceptable
7. My website responds with a properly formatted json result
8. Photon carries on with the request if it was authenticated
1 Can you confirm that I have this much right?
2. I'm looking for suggestions for how to implement my website for this. I've started using ASP.NET Core to build a site and I can log into it from a web page. Does anyone know how to log into it from unity?
3. If ASP.NET Core isn't recommended (I've invested a total of a day in it, so I can change no problems) does anyone have any other suggestions for how to build the web application. I know Python as well as C#.
Thanks for reading this far,
Steve
I'm a desktop application developer rather than a web developer, so I'm muddling through this. Thanks for your patience
My understanding of the authentication flow is something like this:
1. User signs up to my website, with a username and password (let's ignore OAuth2 for now)
2. User fires up my unity application
3. User provides username and password to unity application
4. My website sends them a token that they can use
5. Unity application sends requests to PhotonServer with their username and the token I provided
6. PhotonServer queries my website to see if the token is acceptable
7. My website responds with a properly formatted json result
8. Photon carries on with the request if it was authenticated
1 Can you confirm that I have this much right?
2. I'm looking for suggestions for how to implement my website for this. I've started using ASP.NET Core to build a site and I can log into it from a web page. Does anyone know how to log into it from unity?
3. If ASP.NET Core isn't recommended (I've invested a total of a day in it, so I can change no problems) does anyone have any other suggestions for how to build the web application. I know Python as well as C#.
Thanks for reading this far,
Steve
0
Comments
-
what you described looks fine.
there is one more way to use custom auth. you connect to photon, and send userId and password.
photon redirects this request to your web app, you respond with proper json and that is it.
if you need your way, old version of unity contained 'www' class, but not sure about last versions of unity. do not forget to establish secure connection, otherwise all your data might be intercepted and all authenitcation does not make sense
asp.net core is perfectly fine. you may use even lua, like webscript.io does
0 -
Hi @steveBetl,
What @chvetsov tried to say is that you can have a simple -yet less optimal- workflow that does not involve a token.
So you can remove the token client-webserver request/response but that is up to you.
Also custom authentication credentials can be anything and it does not to be username and token. Just do not send password as plain text. :]
I think you can make use of OAuth (2) with famous auth providers like social networks, facebook, twitter, twitch, google, etc.
About web server implementation just look for something secure (HTTPS) and simple.0 -
Hi @chvetsov and @JohnTube,
Thanks for confirming the basic workflow. That's very helpful, since I now know I'm trying to solve the right problem.
As far as getting that first token goes, I've worked out what my problem was - I was using the anti-forgery token and using the usual HTML MVC style controllers. If I build a restful API instead (using an API controller) then everything becomes much simpler.
If I can put something simple together then I might even be able to make a decent tutorial out of it - once I've worked it out, no one else needs to suffer, right?
Thanks once again,
Steve1 -
If I can put something simple together then I might even be able to make a decent tutorial out of it - once I've worked it out, no one else needs to suffer, right?
Good idea! Please post it on "Tutorials and code sharing" category once done.0