One Hour One Life Forums

a multiplayer game of parenting and civilization building

You are not logged in.

#1 2020-08-01 16:48:27

PXshadow
Member
Registered: 2019-06-19
Posts: 59

Account sharing protocol

The server upon connection of a socket will send a challenge_string

this challenge string will be intercepted by the relay and sent to the account server, which will use the challenge_string in combination with a random client's key to generate a one time use access-token (account_key_hash). The account server will than send the access-token and the email, the relay system will finish the login handshake and spawn into the game.

This protocol requires no custom client.
The protocol requires a relay client.
Hashing is done with HMAC_SHA1 in accordance to the OneLife server protocol
Emails are not hashed and as such other clients will be able to read them.


PXshadow#9132
Senior full stack developer

Offline

#2 2020-08-01 17:03:11

Cogito
Member
Registered: 2020-03-09
Posts: 50

Re: Account sharing protocol

Is this using cached credentials, stored on a 'relay server', to allow people to share accounts? Won't only one person be able to play per account at any time, and they will have the gene score of that account?

This sounds like a slightly safer? way to share an account without sharing login details, is that right?

Offline

#3 2020-08-01 18:12:52

PXshadow
Member
Registered: 2019-06-19
Posts: 59

Re: Account sharing protocol

Cogito wrote:

Is this using cached credentials, stored on a 'relay server' to allow people to share accounts?

Credentials could be stored on the relay it depends, if you want to implement the protocol in a server trust way or have a no trust system where both clients talk through the account server and transmit the data, the former needing the actual keys to be stored on the client.

Cogito wrote:

Won't only one person be able to play per account at any time, and they will have the gene score of that account?

Correct you'd need a system on top to make sure access to the accounts was limited to only another person in an interval of time otherwise people could conflict temporary ownership by booting other people playing out, in the case for instance of the Tarr account that happens whenever someone else joins, while someone before was playing. Gene score yes is would affect the account.

Cogito wrote:

This sounds like a slightly safer? way to share an account without sharing login details, is that right?

This system theoretically makes it totally safe to temporary share an account key (without sharing login details) with another person, and the other method with requiring you to trust the server is safe as long as the server can be trusted (Hence a trusted server model).


PXshadow#9132
Senior full stack developer

Offline

Board footer

Powered by FluxBB