*normal* authentication

7 posts

Flag Post

Since Kongregate API has very bad authentication methods i need to know how i can manually authenticate user in my game.
I can’t send any HTTP queries on authentication level.

Facebook and other social networks allow to do something like sha256_get(session_key, API_FB_SECRET); and compare it with auth_key.

 
Flag Post

Kongregate has an amazing authentication service, which you can read about here.

How can you not send any HTTP queries? Your client should never be trusted so if you have a server and can’t do them, that’s not a good sign.

 
Flag Post

It is simply. It working on ALL other social networks.

Developer and network (NET) know secret key and NET generates md5(app_id + user_id + secret_key) and send this as auth_key
Developer’s server perform another computation and compares auth_key, received from NET with his generated auth_key.

It is very fast and allows to do not send any HTTP requests.

 
Flag Post

P.S.: Sorry for my English :)

 
Flag Post

Method fully described there: http://en.wikipedia.org/wiki/Zero-knowledge_proof

 
Flag Post

Zero-knowledge proof is not an authentication method. There is much more to security when authenticating a user, I recommend using a framework that deals with authentication for you.

 
Flag Post

kolya7k the best I can say is don’t fight the wave, ride it! :) The API works good enough.