Authentication of dedicated servers on 3rd party apps

[gouxim]

Fellow coders,

It's planned to design and integrate to the API and the SDK a workflow to somehow authentify a dedicated server on a 3rd party app.

Typical use case: you have a cloud application (eg. a centralized records database), and dedicated servers (or more exactly controllers of dedicated servers like ManiaLive) send you records ; the problem here is to make sure than when you receive a request on behalf of server "some_dedicated_login", it's actually coming from that particular dedicated server.

It's a bit similar to ManiaConnect (which, among other things, allows to authentify a player on a 3rd party app) but for dedicated servers.

The details of the implentation are yet to be finished, but I'm creating this topic to let you know about it.

As always, any feedback is appreciated.

[Jojo_44]

Hi gouxim,

at first, thanks that you are sharing your thoughts with us. You are the only one from Nadeo who do this^^

topic:
If I understand your post right, you wanna create something that dedimania already have. If you wanna use dedimania on your server, you need to go do the dedimania page and login with your tm2 acc and there you see all your registered servers. Then you just create a key there and paste them into the dedimania config file in your servercontroller directory.

I´m not sure ...

best regards, Jojo

[gouxim]

You are the only one from Nadeo who do this^^

Hmm, that's not true. See for example how hylis (for those who don't know, he's the director of Nadeo) communicates planned ideas with the community.

you wanna create something that dedimania already have. If you wanna use dedimania on your server, you need to go do the dedimania page and login with your tm2 acc and there you see all your registered servers. Then you just create a key there and paste them into the dedimania config file in your servercontroller directory.

Yes indeed. But instead of 3rd party apps having to re-invent the wheel each time, we'd like to provide a simple and efficient system so that dedimania don't have to handle that authentication and players don't have to register on each website.

[matrix142]

Thanks gouxim!

I'm very interested in the outcome

[Jojo_44]

You are the only one from Nadeo who do this^^

Hmm, that's not true. See for example how hylis (for those who don't know, he's the director of Nadeo) communicates planned ideas with the community.

Ok, let´s say you are one of the most active nadeos And maybe you noticed a bigger inbox in the last month, that´s because it goes around that you are faster than some others ...

you wanna create something that dedimania already have. If you wanna use dedimania on your server, you need to go do the dedimania page and login with your tm2 acc and there you see all your registered servers. Then you just create a key there and paste them into the dedimania config file in your servercontroller directory.

Yes indeed. But instead of 3rd party apps having to re-invent the wheel each time, we'd like to provide a simple an efficient system so that dedimania don't have to handle that authentication and players don't have to register on each website.

Ah ok, I understand A solution I could imagine: You register a server on the player page and you get a key which you put f.e. in the dedimania config and then dedimania can check if the key matches with the key you (nadeo) stored.

best regards, Jojo

[matrix142]

Easier it would be without an extra key for the dedicated server.

The best solution would be to put your dedicated account data (login and password) into the dedimania config (e.g.) and send your playerlogin and than dedimania could check with the script from nadeo if the data matches together.

[Jojo_44]

Easier it would be without an extra key for the dedicated server.

The best solution would be to put your dedicated account data (login and password) into the dedimania config (e.g.) and send your playerlogin and than dedimania could check with the script from nadeo if the data matches together.

Yes this would be easier but no as safe as the solution with an extra key. The 3rd party app could store your dedicated server data. Ok, nobody would do that because everybody can create an account for free but it´s imaginable Let´s wait what´s the master talking about

regards, Jojo

[gouxim]

The goal is to have a system where both side don't have to do anything.

It may work like that (but that's just an idea, I have yet to think it all the way through):

On the client side, you get a token from the MP WS that is valid for your dedicated server login and the 3rd party app API username: let's say for the example my server is super_server and the 3rd party app username is super_app.

You'd do on the dedi's side:
$token = $someservice->getToken('super_server', 'super_app');

The token would have a lifetime like 1hour, and the SDK would automatically handle the cache so you only make like one api call per 3rd app username.

Then you send your request to the 3rd party app with the token in param:

GET http://example.com/api/some_blabla?dedi ... ken=$token

Then the party app would check that the token is valid for that dedi login - and it can only be valid if it's checked with the API username "super_app" (ie. the api usernampe for which the token was created). Once again, the SDK would handle cache of the token to minimize the request rate.



In any case, I'm still thinking about it. I'm very busy at the moment so I believe it should come somewhere in february.

Thanks for your feedback

[matrix142]

I'm very busy at the moment so I believe it should come somewhere in february.

Now it's almost end of March.
I know you have much other things to do, but when can we expect a first version?

[gouxim]

To quote Florent: "When it's done". More seriously, we're all extremely busy with the upcoming release of ShootMania, and our schedule is very dynamic so I unfortunately don't have a release date to give you. Sorry for that, but you'll all have to be a bit patient.

In the meantime, you can use an alternative solution to do that. Have your users have credentials on your API for example.