We have a requirement that users should be able to log in with e-mail and password, and the e-mail should be changeable (by the user, not in game manager by support). I know that this isn't supported by PlayFab so I'm trying to work around it.
One solution I'm considering is to have an encrypted version of the e-mail address as a custom ID, and having login requests go via our backend server which can generate that ID and use it to identify the account and log in (using client API) to get other details. When the user changes e-mail, backend changes that customID linked to the account. The actual login is done with a fixed username (not visible to the user) and their password.
I want to ask a) is this usage in general crazy? and b) there has been a suggestion that having many logins go through our backend will look like a security risk to PlayFab so it won't work. Is this the case?
Thanks for any help.