Answer the question
In order to leave comments, you need to log in
Authorization like Clash of Clans? How does it work?
Hello
, I'm interested in how authorization works, for example, in a game like Clash of Clans.
Online there on the server about 5 million players.
The game does not require any authorization: install - play.
In the settings, it is possible to link an account to a Google or Facebook or GameCenter (iOS) account, but this is just a link, like on some website, to log in not only with a regular login / password.
I'm interested in how exactly this authorization works without specifying data? The game does not require any authorization through Google Play Services / Game Center to play online. But after all as the same authorization happens?
Of course it can be some kind of Telephony.DeviceID / ANDROID_ID / Mac Adress is a unique (but not guaranteed) device ID. But if everything is so simple, then someone could generate thousands of accounts (because only this id is needed for authorization).
Or another option: no device ID is used here, just the server sends some unique UUID at the first start, which will be the login token.
But what, again, prevents then naregat thousands of accounts?
I'm interested because I'm going to make a game on mobile devices, and I want to know if it makes sense to deal with such authorization, or just make it mandatory to register in the game on first launch, through Google / Play Services / Facebook / Game Center. It's just that if someone registers thousands of accounts, then the server will eventually go down, there must definitely be something more complicated there.
Thanks in advance !
Answer the question
In order to leave comments, you need to log in
I see 2 possible options:
1. A registration request signed by the application is sent based on a unique device identifier (Telephony.DeviceID / ANDROID_ID / Mac Address and possibly some other data) with encryption using the application's public key (the key is "embedded" inside the application): the formation formula - also, within the application, the request before transmission - is encrypted with a key.
Those. signed data is sent by the application itself, which you cannot fake WITHOUT an installed application, which will prevent you from making a cloud of accounts.
2. It is possible that through the Google user ID (using the API).
If you are not logged into Gamecenter and do not link your FB account, then by deleting the application and downloading it again, the progress will be lost. So a unique key is sent, which is stored in the application. If you are logged into the GC (most gamers are), then it is tied to the id of the GC, without entering any data automatically.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question