I am starting to use PlayFab for my new web based game and I would like to allow anonymous logins. I read though
https://docs.microsoft.com/en-us/gaming/playfab/features/authentication/login/login-basics-best-practices and it was very helpful. However being that my game is played via the web browser I would have to use LoginWithCustomID.
My understanding is that the client calls LoginWithCustomID with a body that has a unique ID and create account true. Then I can save the cluster id in the browser's local data so it can be used again to login as the same user.
So my question is how do I prevent clients of just spamming LoginWithCustomID with random IDs and creating tons of accounts? My first guess is don't call LoginWithCustomID on the client, instead call it on a backend server but I would still have the same problem.
I can't seem to think of a good solution for this. Any ideas? Or is this something that I just have to deal with somehow?