https://github.com/fogleman/loginserver
Online multiplayer game login server for secure user authentication.
- Host: GitHub
- URL: https://github.com/fogleman/loginserver
- Owner: fogleman
- License: mit
- Created: 2014-01-08T20:56:35.000Z (about 12 years ago)
- Default Branch: master
- Last Pushed: 2022-11-19T07:36:20.000Z (over 3 years ago)
- Last Synced: 2025-04-01T20:12:25.646Z (12 months ago)
- Language: Python
- Homepage: https://craft.michaelfogleman.com/
- Size: 270 KB
- Stars: 24
- Watchers: 4
- Forks: 14
- Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE.md
README
## Login Server
Online multiplayer game login server for secure user authentication. Written in Python using Flask.
https://craft.michaelfogleman.com/
### Architecture

### User Registration
* The user visits the web front-end of the login server to register for a new account.
* After registering and logging in, the user can manage “identity tokens.”
* The user creates an identity token which is copied and pasted into the game client.
* The game client saves the username and identity token to use for future logins.
* An identity token looks like: `717e3c1a034247ef91e6b78dd8088b77`
* The user can revoke any identity token at any time. The identity tokens are more secure than regular passwords and the user doesn’t need to reuse or make up a new password.
### Login Process
* Game Client contacts Login Server over secure HTTPS.
* Game Client sends stored username and identity token to Login Server.
* Login Server checks for matching identity token in database (they are salted and hashed just like passwords).
* If the identity token is valid, the Login Server creates a new, short-lived access token. This is sent back to the Game Client.
* The Game Client sends the access token to the Game Server (this connection is plain text because we don’t need / want encrypted communication for game play). Access tokens can only be used once and expire in one minute.
* The Game Server sends the access token to the Login Server to verify the client's request to authenticate.
* If the access token is valid, unexpired and unused, the Login Server confirms a successful login and sends user information to the Game Server, such as a distinct user ID.
* The Game Server can then use the user information as needed. The user is now logged in.
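
The token handling in the steps above, as an added in-memory sketch that is not the project's own code: identity tokens are stored only as salted hashes, and access tokens are consumed on first verification and rejected after one minute, which is what limits replay on the plain-text Game Server connection. The class and method names, the PBKDF2 choice, the dictionary storage and the injectable clock are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

ACCESS_TTL = 60  # seconds; the README says access tokens expire in one minute


class LoginServer:
    """In-memory stand-in for the Login Server (hypothetical names throughout)."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.identities = {}  # username -> list of (salt, digest)
        self.access = {}      # sha256(access token) -> (user_id, expiry)
        self.user_ids = {}    # username -> distinct user ID

    @staticmethod
    def _hash(token, salt):
        # Assumption: PBKDF2-HMAC-SHA256; the README only says "salted and hashed".
        return hashlib.pbkdf2_hmac("sha256", token.encode(), salt, 100_000)

    def create_identity_token(self, username):
        token = secrets.token_hex(16)  # 32 hex chars, same shape as the README sample
        salt = secrets.token_bytes(16)
        self.identities.setdefault(username, []).append((salt, self._hash(token, salt)))
        self.user_ids.setdefault(username, len(self.user_ids) + 1)
        return token  # shown to the user once; only the salted hash is kept

    def revoke_all(self, username):
        self.identities.pop(username, None)

    def authenticate(self, username, identity_token):
        """Game Client -> Login Server (over HTTPS in the design above)."""
        for salt, digest in self.identities.get(username, []):
            if hmac.compare_digest(digest, self._hash(identity_token, salt)):
                access_token = secrets.token_hex(16)
                key = hashlib.sha256(access_token.encode()).hexdigest()
                self.access[key] = (self.user_ids[username], self.clock() + ACCESS_TTL)
                return access_token
        return None

    def verify(self, access_token):
        """Game Server -> Login Server: pop first, so any lookup consumes the token."""
        key = hashlib.sha256(access_token.encode()).hexdigest()
        user_id, expiry = self.access.pop(key, (None, 0.0))
        if user_id is None or self.clock() >= expiry:
            return None
        return user_id
```

Removing the access token before checking its expiry means a captured token cannot be retried, whether the first verification succeeded or failed.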
### Implementation Details
* The Game Client is written in C. It uses libcurl to easily perform HTTPS POSTs to the Login Server. It uses plain sockets for communication with the Game Server.
* The Game Server is written in Python. It uses the requests module to communicate with the Login Server.
* The Login Server is written in Python and uses the Flask web framework.