Auth system
OOTS authentication is quite simple. It is composed of three basic "elements": usernames, passwords and tokens. A token is a randomly generated string that, together with the username, identifies one session. The game checks (or will check :-) ) the validity of its current token before connecting to a server. Tokens should have a sensible timeout; in our implementation, they are valid for 10 minutes.
The whole system needs two web services - we call them authservice and checkservice in the code.
Authservice is a service that receives a username and a password and returns a valid token or an error code. The username and the password are sent from the game/launcher using HTTP POST. If the request type is not POST, it should return ERROR_OTHER. If the username/password combination is bad, it should return ERROR_BAD.
Checkservice receives the username and the current token. If the token was valid but has since timed out, it should return ERROR_TIMEOUT. If the token has never existed, it should return ERROR_BAD. Otherwise, it should return FINE. Like authservice, it should only accept HTTP POST requests and return ERROR_OTHER for any other request type.
The URLs of these two services are defined in the class dax.blocks.auth.AuthManager as the final Strings AUTHSERVICE_URL and CHECKSERVICE_URL. The launcher needs only authservice; its URL is defined in the class com.jboudny.launcher.Authentication.
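The response rules of authservice and checkservice described above can be modelled as follows. This is an added example, not the project's own service code: the class `AuthModel`, its `add_user` helper, the injectable `clock`, the in-memory storage, the PBKDF2 password hashing and the token length are all assumptions, since the page does not specify them.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 10 * 60  # seconds; the 10-minute token lifetime from the page

class AuthModel:
    """In-memory model of authservice and checkservice (hypothetical class)."""

    def __init__(self, clock=time.time):
        self.clock = clock  # injectable so the timeout can be tested
        self.users = {}     # username -> (salt, password hash)
        self.sessions = {}  # (username, token) -> expiry time

    def _hash(self, password, salt):
        # Assumed storage scheme: salted PBKDF2, never the plain password.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, self._hash(password, salt))

    def authservice(self, method, username, password):
        if method != "POST":
            return "ERROR_OTHER"
        # Unknown users still go through one hash computation, so response
        # time does not reveal which usernames exist.
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(self._hash(password, salt), stored):
            return "ERROR_BAD"
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self.sessions[(username, token)] = self.clock() + TOKEN_TTL
        return token

    def checkservice(self, method, username, token):
        if method != "POST":
            return "ERROR_OTHER"
        # Expired entries are kept, otherwise ERROR_TIMEOUT could not be
        # told apart from ERROR_BAD; a real service would purge them later.
        expiry = self.sessions.get((username, token))
        if expiry is None:
            return "ERROR_BAD"      # never issued for this username
        if self.clock() >= expiry:
            return "ERROR_TIMEOUT"  # was valid once, has timed out
        return "FINE"
```

Because the session key is the (username, token) pair, a token presented with a different username is answered with ERROR_BAD, which matches the rule that the token identifies a session only together with the username.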