I have a question regarding non-username/password logins I'd like to ask for your help with.
Scenario
For a game of ours we authenticate users server-side using tokens/keys/whatever from client SDKs of various vendors, like Facebook:
The client retrieves some access token from Facebook's SDK and sends it to the server, letting it identify the user safely with Facebook's servers, then getting the real user name (or id) from our own database.
The problem
We don't have a username or password the user can authenticate with in the first place. Also, any logged in user should only be able to be logged in once (so we need to use that SFS2X option to log out multiple sessions).
Planned solution
I use a zone extension with custom login functionality (=handling the USER_LOGIN event).
As it's possible in the client's LoginRequest to pass a SFSObject as parameters, I'll be using that to submit access tokens and other custom data required to identify the user. The login username/password will always be set to a static value like "user".
Now, my extension would ignore username and password but use the data from the parameter SFSObject to authenticate the user with Facebook, then find her in the local database and finally set her username as described here in section 4):
https://smartfoxserver.com/blog/how-to-create-an-extension-based-custom-login/
Questions
1) Will the user name change mentioned above also be picked up by SFS2X? Will it use that name for logging out other sessions with the same name? Or will it eventually stick to the originally submitted name (e.g. above "user"), in which case my solution won't work?
2) I couldn't find that mentioned explicitly in the docs, but what event parameter key denotes the custom SFSObject parameters in the event received by the handleServerEvent method? Is it LOGIN_IN_DATA:
Code: Select all
ISFSObject params = (ISFSObject) event.getParameter(SFSEventParam.LOGIN_IN_DATA);
Thanks a lot in advance!