Hi, maybe I am missing something:
First of all: SpacetimeDB is still rather new to me. I may miss the obvious here. I am aware of the Identity and I did see https://spacetimedb.com/docs/http/authorization
My problem is understanding how to do secure authentication. From what I understand, SpacetimeDB by default just accepts any connection. From what I understand the token given out by it is just for identification but not authentication. So I am wondering what the best flow for the authentication layer is. Does it make sense to have this external? Internal? How would I deal with people logging in and out? Revoking leaked tokens and so on. The usual authentication questions. So I wonder if people already have a general guidance on what one should do here to secure the db.
For me I would love something that allows me to also ban users from within the db. So I am guessing I will need guards inside of SpacetimeDB. Likely on connecting if a user is banned -> disconnect. And then gameplay level checks for progression.
I am mostly looking for a general username/password solution. Ideally something like OIDC allowing utilisation of existing software, but I am unsure if this is a good solution for the unique design of SpacetimeDB.