Mobile development

Authorization like Clash of Clans? How does it work?

Hello
, I'm interested in how authorization works, for example, in a game like Clash of Clans.
Online there on the server about 5 million players.
The game does not require any authorization: install - play.
In the settings, it is possible to link an account to a Google or Facebook or GameCenter (iOS) account, but this is just a link, like on some website, to log in not only with a regular login / password.
I'm interested in how exactly this authorization works without specifying data? The game does not require any authorization through Google Play Services / Game Center to play online. But after all as the same authorization happens?
Of course it can be some kind of Telephony.DeviceID / ANDROID_ID / Mac Adress is a unique (but not guaranteed) device ID. But if everything is so simple, then someone could generate thousands of accounts (because only this id is needed for authorization).
Or another option: no device ID is used here, just the server sends some unique UUID at the first start, which will be the login token.
But what, again, prevents then naregat thousands of accounts?
I'm interested because I'm going to make a game on mobile devices, and I want to know if it makes sense to deal with such authorization, or just make it mandatory to register in the game on first launch, through Google / Play Services / Facebook / Game Center. It's just that if someone registers thousands of accounts, then the server will eventually go down, there must definitely be something more complicated there.
Thanks in advance !