9

I'm working on a multiplatform game in Flash. This game utilizes Photon Server for authoritative physics and user statistics tracking. I'm looking to leverage Facebook authentication as an alternative to creating a domain specific account. I'm curious if I can use the Flash SDK for Facebook to indirectly authenticate a user on the Photon Server application.

I've not made anything for Facebook, though I've looked through several different sources of information and have yet to find a solution which seems applicable. For example, I've looked at the JavaScript libraries which outline the returned data, such as user id, and the access token. This seems to be all of the data I need to track for the players. I also know that the access token is for short term authentication, and primarily used to utilize Facebook functionality post-authentication. Given this, tying the data to the account is done with the Facebook user id. It also transmits an expire date.

I can leverage message encryption using the Photon Server framework. The users are linked to game accounts using an inherited entity derived from an abstract PlayerData class in a server-side Entity Framework model. This entity contains the information for Facebook authentication.

Can third-party authentication be done safely by forwarding the encrypted user access token and user id to the server from the Flash client, after authenticating with the Flash API for Facebook?

What methods are available for determining that the Facebook credentials are still active, so that the client can be disconnected from the server should they log out of Facebook?

Kody Manharth
  • 1
    You have the makings for one or more good questions here. But your question will likely be closed as too broad. Focus your question on a specific issue within the broader range of the questions you have asked. Explaining what you have already researched and why you are still having a challenge will direct the answers towards the area(s) you care the most about. –  Nov 30 '13 at 14:45
  • 1
    Thanks, I've fixed it up a bit. Let me know if it's still off, please. – Kody Manharth Nov 30 '13 at 15:43
  • 1
    Maybe this helps: http://doc.exitgames.com/en/photon-realtime/CustomAuthenticationwithFacebook – Kaiserludi Dec 02 '13 at 17:18
  • @Kaiserludi - I've seen this and sadly it's not of use. I require Authoritative capabilities for my server. FB Auth logic isn't a feature in Photon Realtime, their cloud-based, non-authoritative PaaS, not Photon Server. The server platform is nearly entirely reliant on libraries written in C# by the developer. I could FB Auth with C# but the issue of displaying the Facebook login/app approval widgets presents itself. This leaves no way for the user to login/approve the app, however. I'm guessing [Protocol Level Encryption](http://doc.exitgames.com/en/photon-server/Encryption) is the solution. – Kody Manharth Dec 02 '13 at 18:25

1 Answer

0

I would highly suggest that you take a look at these articles from Facebook's Developer site:

Additional Commentary

I also have some experience with developing a custom authentication/authorization system and integrating with the other primary providers (Facebook, Google and Microsoft) from a Blazor SPA client which is served to the browser from a .NET webserver. In order to solve the many, many problems that arise with auth, as you have also discovered, I found the simplest solution to be implementing the OIDC specification. This spec offers up several well-defined "flows" describing the protocol with which to accomplish various objectives relating to authentication/authorization.
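
The server-side check the question asks about, written for a C# server as an added example (not code from the question, the answer, Photon or Facebook): it validates the JSON that Facebook's Graph API `debug_token` endpoint returns for the token the client forwarded. The class and method names and the sample response are constructed, and fetching that JSON over HTTPS with the app's own token is assumed to happen elsewhere on the server.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;

// Added example; class, enum and method names are hypothetical.
public static class FacebookTokenCheck
{
    public enum Result { Ok, Invalid, WrongApp, WrongUser, Expired, Malformed }

    // Ids are accepted as JSON strings or numbers (assumption about the response shape).
    static string Id(JsonElement e) =>
        e.ValueKind == JsonValueKind.String ? e.GetString() : e.GetRawText();

    public static Result Validate(string debugTokenJson, string expectedAppId,
                                  string claimedUserId, DateTimeOffset now)
    {
        try
        {
            using var doc = JsonDocument.Parse(debugTokenJson);
            JsonElement data = doc.RootElement.GetProperty("data");

            // Facebook reports whether it still considers the token valid.
            if (!data.GetProperty("is_valid").GetBoolean()) return Result.Invalid;
            // The token must belong to this game's Facebook app, not to some other app.
            if (Id(data.GetProperty("app_id")) != expectedAppId) return Result.WrongApp;
            // The user id sent by the client is only a claim; the token's own id decides.
            if (Id(data.GetProperty("user_id")) != claimedUserId) return Result.WrongUser;
            // expires_at is in Unix seconds; 0 is treated as "does not expire".
            long exp = data.GetProperty("expires_at").GetInt64();
            if (exp != 0 && DateTimeOffset.FromUnixTimeSeconds(exp) <= now) return Result.Expired;
            return Result.Ok;
        }
        catch (Exception e) when (e is JsonException || e is KeyNotFoundException ||
                                  e is InvalidOperationException || e is ArgumentException ||
                                  e is FormatException)
        {
            return Result.Malformed; // fail closed on anything unexpected
        }
    }

    public static void Main()
    {
        // Constructed sample response; ids and timestamps are made up.
        const string sample = "{\"data\":{\"app_id\":\"1111\",\"is_valid\":true," +
                              "\"user_id\":\"2222\",\"expires_at\":1385830000}}";
        var now = DateTimeOffset.FromUnixTimeSeconds(1385820000);
        Console.WriteLine(Validate(sample, "1111", "2222", now));            // matching claim
        Console.WriteLine(Validate(sample, "1111", "9999", now));            // client claims another id
        Console.WriteLine(Validate(sample, "1111", "2222", now.AddDays(1))); // same token a day later
    }
}
```

Re-running the check at intervals during a session lets the server disconnect a client once Facebook stops reporting the token as valid.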