I am developing a PC VR game (with plans to port it to Oculus, which is Android), using PlayFab and Photon for the authentication, game services and real-time networking. I'm using the demo scene PlayFabSignIn. I was initially stumped when trying to create two accounts, but realized that deviceID was being used as the customID, and hence I was getting a "user already exists" error. I do not want the account strictly tied to the device, as multiple users may use the same device to create an account (e.g. different family members).
Side note: the GUI in the demo is somewhat misleading, since it asks for a user name, but what it really wants is an email address. This was my initial point of confusion when the error said that the user already exists (it was a duplicate customID/deviceID, not a duplicate email address).
So the question is, what would be the best practice for assigning a customID other than device ID? My initial thought is to use a large random number/string for the initial account creation. The odds of a collision will be rare at best, and worst case, the user simply tries again and gets a unique ID the next time.
Would this be a good approach from a security point of view? If not, what would be a better way of generating the custom ID?