question

bayraktarahmetenes avatar image
bayraktarahmetenes asked

A way to validate credentials without Login

Hi, I have been searching for an API to check the validity of a credentials in the server side without LoginWithUsernameAndPassword client API, but I could not find. Is there such an API?

The use case is the following. I want to disable client login APIs so that every client has to go through my server which uses server custom id and client API linking. When I do this if a client wants to link an email and password to make the account recoverable, the same email and password can not be used to authenticate the user on another device because I don't have any method to verify the credential since the LoginWithUsernameAndPassword will be disabled.

Authentication
1 comment
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

bayraktarahmetenes avatar image bayraktarahmetenes commented ·

By LoginWithUsernameAndPassword I meant LoginWithEmailAddress

0 Likes 0 ·

2 Answers

·
Rick Chen avatar image
Rick Chen answered

If you want to have full control of player's credential on your custom server, you can store their credentials in their internal user data, or your custom database. Then you can validate the player's credential on your server.

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Infer Wang avatar image
Infer Wang answered

You can use this Api Authenticate Session Ticket to validate session ticket.

3 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

bayraktarahmetenes avatar image bayraktarahmetenes commented ·

I did not understand. I want to validate users credential on another device so that I know it is indeed the person and I can let it have the user data. But as I said I want to disable LoginWithEmailAddress

0 Likes 0 ·
Rick Chen avatar image Rick Chen ♦ bayraktarahmetenes commented ·

I do not understand your requirement. What credentials do you want to validate on server? If you don't want the users to use LoginWithEmailAddress API, why are they allowed to link with Email address?

You can store their credentials in their internal user data instead. And if the user wants to validate their email address, your server can let the users provide their server custom id and email, and login the user on server side and check if the email they provided matches the one in the user internal data.

0 Likes 0 ·
bayraktarahmetenes avatar image bayraktarahmetenes Rick Chen ♦ commented ·

I don't want clients to be able to use Login* apis because I want to control the system within my backend. I want to validate the credentials of the user, which is email and password so that if a user wants to recover an account I can validate this.

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.