With kongregate_game_auth_token, it’s sent to the game creator’s client. Would this mean we could use this login token (game creators) and log into others accounts for our games? Would that be considered against the TOS of Kongregate?
All that’s required for someone to do this a Kong ID+Username+Auth Token. The ID and Username of which is public if you view their profile sources.
For example (link is separated for easy viewing):