Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce proper auth solution #2

Open
SilasBerger opened this issue Sep 23, 2024 · 1 comment
Open

Introduce proper auth solution #2

SilasBerger opened this issue Sep 23, 2024 · 1 comment

Comments

@SilasBerger
Copy link
Owner

See https://github.com/GBSL-Informatik/teaching-api/blob/main/src/routes/authConfig.ts.

Need auth for the following features:

  • Verify that lockboxes provide the correct API key when trying to open a WS connection.
  • Verify that web clients provide the correct client API key when calling and endpoint such as caches/checkAnswer and known players is required.
  • Distinguish between (authenticated) player clients and admin clients

We might also need to introduce multiple API keys: the lockbox API should have to go out to the public, since changing it is cumbersome.

Could it be useful to introduce passport? The onboarding process could create a session when the correct game key is provided. All subsequent requests could then simply rely on that session. Sessions don't need to be stored in a database - it's fine if we lose then after a server restart.
@SilasBerger
Copy link
Owner Author

Keep in mind that the game currently keeps track of known players as a sort of "game lobby", since we might want to introduce a scoring system later; see #4.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@SilasBerger