Closed Sheikah45 closed 2 years ago
The steam ID check in the lobby server is entirely redundant and unnecessary.
Login with tokens requires the lobby scope to be in the token and to have the lobby scope requires that game ownership has been verified.
So everyone who logs in has been verified. also this enables disabling the deprecated password login on the server to force a verified login.
Also only checking steam IDs is not valid as verification can occur using gog as well now.
Also this will allow for the eventual migration of sensitive user details to be stored on a separate machine.
The steam ID check in the lobby server is entirely redundant and unnecessary.
Login with tokens requires the lobby scope to be in the token and to have the lobby scope requires that game ownership has been verified.
So everyone who logs in has been verified. also this enables disabling the deprecated password login on the server to force a verified login.
Also only checking steam IDs is not valid as verification can occur using gog as well now.
Also this will allow for the eventual migration of sensitive user details to be stored on a separate machine.