*normal* authentication

Since Kongregate API has very bad authentication methods i need to know how i can manually authenticate user in my game.
I can’t send any HTTP queries on authentication level.

Facebook and other social networks allow to do something like sha256_get(session_key, API_FB_SECRET); and compare it with auth_key.

Kongregate has an amazing authentication service, which you can read about here.

How can you not send any HTTP queries? Your client should never be trusted so if you have a server and can’t do them, that’s not a good sign.

It is simply. It working on ALL other social networks.

Developer and network (NET) know secret key and NET generates md5(app_id + user_id + secret_key) and send this as auth_key
Developer’s server perform another computation and compares auth_key, received from NET with his generated auth_key.

It is very fast and allows to do not send any HTTP requests.

P.S.: Sorry for my English :)

Method fully described there: http://en.wikipedia.org/wiki/Zero-knowledge_proof

Zero-knowledge proof is not an authentication method. There is much more to security when authenticating a user, I recommend using a framework that deals with authentication for you.

kolya7k the best I can say is don’t fight the wave, ride it! :) The API works good enough.