question

Talha avatar image
Talha asked

Password Reset Email

Scenario : unity game.

Hi, I've been reading this:

https://docs.microsoft.com/en-us/gaming/playfab/features/engagement/emails/using-email-templates-to-send-an-account-recovery-email

Understood everything but Step 5 : point 3: and Step 6:

How do we use the token? whe is the token returned? How do we retrieve the new password?

In step 5 point 2:

we have our website/ResetPasswordForm, With just two Input Fields. Password and confirm Password. Now What to do? (sorry this is my first interaction with websites).

In step 6:

"After the player is directed to the callback URL and fills out the form with a new password,

you can use that information, in addition to the token in the query string,"(How?)(is this some Javascript Sorcery?)

where did the newPassword and token came from in the C# Example code in step 6.

Partner Add-ons
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Seth Du avatar image
Seth Du answered

You can integrate PlayFab SDK on your website (directly using HTTP calls is also feasible) and when user click the hyperlink in the email, he will be redirected to a website you input in the template, but with additional query string in the URL.

As the documentation mentioned, “The redirect URL will contain a token in the query string, and will look something like what appears below. https://www.example.com/?token=2346241B7C277796.” This is automatically done by PlayFab, you should not worry about it and you can try it on your own in your title.

The token is the PlayFab ID of the player, you can pass the data in the form the user fills in from the front end to the backend of your website, Admin API ResetPassword can be called to update password. Besides, you may also do some verification steps before the reset.

3 comments
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Talha avatar image Talha commented ·

Mate i was thinking about one thing. Can we use PlayStream event "auth_token_validated" to update the password from the mobile device.

Like here's whats in my mind.

player adds email and password. after a while player forgets the password. he clicks the "forgot password" button. We send him a confirmation email saying click this button. when he clicks the button. We can use the "auth_token_validated" event to execute a cloudscript that opens up a password reset panel in the game. From there player can update the password. When player presses the UpdatePassword Button we call the updatepassword function and close the panel?

would this approach work? is there any security flaw or do you have any reservations on this approach?

0 Likes 0 ·
Seth Du avatar image Seth Du ♦ Talha commented ·

>>execute a cloudscript that opens up a password reset panel in the game

I am not sure how will you handle this. Cloud Script can only process data or return designated value and will act like any other RESTful APIs. In addition, users still need to open their mailbox and click hyperlink to complete the process.

Besides, changing password is only available in Admin API, which is not supported in Cloud Script. You still need a place( e.g. a dedicated website) for resetting password.

0 Likes 0 ·
Talha avatar image Talha Seth Du ♦ commented ·

Got it. Thankyou so much.

0 Likes 0 ·
Talha avatar image
Talha answered

@SethDu It got me thinking last night and i came up with a mechanism. Let me know what you make of it.

client presses the button"reset password". We send him an email with a link. He clicks on the link we use that event to execute a cloudscript. That cloudscript updatesone user stat "Password reset" to 1.

the client restarts the game we check the stat. if its one we open up a input box where he types his new password, we take all the relevant information and pass it to our cloudscript where we check if the stat"Password reset" equals to one or not. if one then we update the user password. change the "Password reset" stat to 0.

What do you think? this could work right?

2 comments
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Talha avatar image Talha commented ·

Bummer. I just read your comment again, Admin api is not available in cloudscript. Would've been a great help. guess website is the only solution.

How do we add the playfab sdk to our website?

0 Likes 0 ·
Seth Du avatar image Seth Du ♦ Talha commented ·

I am not sure how do you build your website but PlayFab supports multiple languages including Java and JavaScript and we are not expertise on Web Development The most important thing is due to it is Admin API and secret key will be required, it will be better to implement PlayFab in the backend.

0 Likes 0 ·
bbekec avatar image
bbekec answered

Hello, I read the content and i am also at the same point with Talha. I downloaded Playfab SDK javascript and uploaded it into a directory (Playfab) in my website. Now i am stuck. What should be next step to provide player to change the password?

Thanks.

1 comment
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Seth Du avatar image Seth Du ♦ commented ·

When the player opens the redirected website, The redirect URL should contain a query string, which is a token for verification. Basically your website will prompt a text field to input the new password. The query string, along with the new password will be used in the request of ResetPassword API.

This is a very basic work flow of changing password. I am not expert on web development, if necessary, please find more help from corresponding developer community.

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.