vincent15000's avatar

Access a service without any email or password

Hello,

I'd like to dev a personal project to experience a kind of authentication, hmmm ... not a real authentication, but some way to access a service without using any email or password.

The idea is around a game where friend A proposes a challenge to friend B who can accept or reject it. After the challenge is accomplished by friend B, friend A gives a note for the degree of success of the challenge.

But I don't want to give access to this service with any email or password. I'd like to experiment something else.

Here is my idea.

Anyone could create a game without needing to authenticate : just open the home page on the browser and click on a button.

When creating a game, the creator receives a unique id and a game id (for example a random string of 64 characters) and is then able to invite a friend to join the game by sharing the game id by email or any other communication way (WhatsApp, SMS, ...).

When joining a game shared by a friend, the user would just need to enter the game id in an input field. If he already has an account (user id) on the application, the new game will automatically be added to his games' list.

I just think about how to recognize a user who has already an account and a game and who connects to the application from another browser, so how to identify that he already has an account ?

Given it's just for fun, this kind of application doesn't need a high level of security.

What do you think about this idea ?

Has anyone already done this ?

Thanks for your comments ;).

V

0 likes
15 replies
zircuitz's avatar

If I understand correctly: You're looking for a way to reliably tie previously played game ID's to an account if the user eventually logs on?

Well one method is to track all played game ID's within a cookie, and upload and reset that cookie's content if the user eventually logs on. As to tracking said games across browsers and devices: One method would be to tie IP-addresses to the game ID's and track it that way. However, just be aware that this method may not work if multiple members in the same household, who share the same public IP, try to play. One way to combat this could be to also do fingerprinting. Doing this might be more effort than the result is worth. I'd say try not to worry too much about it, and just stick to simple cookies.

Just be aware however: Doing such tracking and fingerprinting without consent is illegal in areas subject to GDPR regulations.

2 likes
vincent15000's avatar

@zircuitz I really don't want to do tracking and fingerprinting.

As I'd like this application to be on a smartphone (PWA), perhaps the best way is simply to store the values in the localStorage.

But this won't be sufficient in case the user wants to connect from another device.

But it can also be a constraint : the user has to be aware that it's not possible to connect from another device.

Otherwise I will necessarily need to ask for an email, it's perhaps easier. But without using this email to connect, otherwise all people could connect to everyone's account.

Snapey's avatar

You could use a signed URL containing the game reference, and a token that indicates if the user is the originator or the invitee.

When they use the URL, put the gameID in session. As long as they maintain session, they can interact with the game across multiple get and post requests.

If they go away or switch devices, they can use the original URL and connect to the in-progress game

1 like
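A sketch of the signed-URL idea from the reply above, added here as an example and not code posted by anyone in the thread. The function names, the `exp` expiry parameter, the query parameter names and the `example.test` host are assumptions; the server keeps the HMAC key and the verified `{gameId, role}` is what would go into the session.

```javascript
const crypto = require('node:crypto');

// Assumption: in a real deployment this key comes from server configuration
// and is stable across restarts; it never reaches the browser.
const SECRET = crypto.randomBytes(32);
const ROLES = new Set(['originator', 'invitee']);

// 32 random bytes rendered as hex give the 64-character game id from the thread.
function newGameId() {
  return crypto.randomBytes(32).toString('hex');
}

function sign(gameId, role, exp) {
  return crypto.createHmac('sha256', SECRET)
    .update(`${gameId}\n${role}\n${exp}`)
    .digest('base64url');
}

// Build the link that is shared with a player. The role is covered by the
// signature, so an invitee cannot edit the URL to become the originator.
function makeGameUrl(base, gameId, role, expiresAt) {
  if (!ROLES.has(role)) throw new Error('unknown role');
  const url = new URL('/game', base);
  url.searchParams.set('game', gameId);
  url.searchParams.set('role', role);
  url.searchParams.set('exp', String(expiresAt));
  url.searchParams.set('sig', sign(gameId, role, expiresAt));
  return url.toString();
}

// Returns { gameId, role } for the session, or null if the link is rejected.
function verifyGameUrl(link, now = Math.floor(Date.now() / 1000)) {
  let p;
  try { p = new URL(link).searchParams; } catch { return null; }
  const [gameId, role, exp, sig] = ['game', 'role', 'exp', 'sig'].map((k) => p.get(k));
  if (!/^[0-9a-f]{64}$/.test(gameId || '') || !ROLES.has(role)) return null;
  if (!/^\d+$/.test(exp || '') || !sig) return null;
  const expected = Buffer.from(sign(gameId, role, exp));
  const given = Buffer.from(sig);
  // timingSafeEqual throws on unequal lengths, so check the length first.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  if (Number(exp) < now) return null; // expired link
  return { gameId, role };
}
```

Anyone holding a valid link holds that role in that game, so the link itself is the credential and should be shared as carefully as a password would be.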
Snapey's avatar

Is it a consideration that two or more people don't play the same game?

1 like
vincent15000's avatar

@Snapey What do you mean ? Do I have to take into account that two or more people don't play the same game ?

Yes, there will be several games started between several people, but mainly pairs of people. So at least and the more often one game for 2 people.

But the same person can play to another game with another person.

Snapey's avatar

@vincent15000 I mean you will need some way to attribute the game to a unique individual.

Suppose I get an email from an invitee, saying hey, try this game, but then when I click the url, the game is already half done?

1 like
vincent15000's avatar

@Snapey Ok I understand ... well ... no ... it can't happen because in my mind the game is mostly for two people (rarely more).

cgsmith105's avatar

You will need to store a cookie or have a way to identify the user. You want to allow anonymity while allowing a full account of the games played by whom... which is a paradox.

I think you need to find a balance between getting the game ID and tracking play-ability. What is the reason to track the user's games played?

1 like
vincent15000's avatar

@cgsmith105 @snapey I specify that in my mind it's not a game which you are going to play at the moment. A person proposes a challenge and the other person has several days to accomplish the challenge. A person can even decide to give the other person 15 days to accomplish the challenge.

@cgsmith105 And the reason why I want to track the users' games is that a user can play with several persons (in different games) at the same time, so he has to be able to switch from one game to another when the application is open.

vincent15000's avatar

@Snapey Perhaps I have an idea.

As each person will start playing from a device (either a computer or a tablet or a smartphone), each one will receive a user_id (UUID or ULID) that can be stored in the localStorage. So the game will be accessible only from this device.

If he wants to connect from another device, he just has to reveal his user_id (from a link in the menu) and copy and paste it in an input field from his new device to have access to his current games.

What do you think about this possibility ?

vincent15000's avatar

@Snapey It could be so ... well I don't know ... I wanted to try another way to access an application. And effectively it would be easier for a user to use his email.

Perhaps the idea behind this is to keep a total anonymity.

And also experiment something else in a personal project.
