IW4Login - Easy centralized login system

vdawg-git commented 2 years ago

Outline

A proposal for an easy centralized IW4 login solution making user management nice and simple.

General idea

There will be one website where a user can login with Google and he will be signed in to all servers, using this to be developed feature of IW4Admin, by having his IP address saved. In this way the login is decoupled from IW4Admin and easy to adopt. Resulting in cheaters having a harder time evading bans and players profiting by keeping their stats and permissions across machines and installs.

The website

A simple site explaining its purpose with a login button. If the user is logged in, just display his logged in email and his IP-addresses. Also, if his IP is new, display a button to add his new IP-address.

In Game

When a user joins a server, it queries IW4Login to see if the users IP address is logged in, if not do what the server owner configured or use the default action. For example: Displaying a notification, moving him to spectator and kicking him after five minutes if he is still not logged in.

The preparation

To prevent a sudden decline in player count, the requirement to login should be announced beforehand, preferably when a user joins the server, he will get notified about it. The notification should include the link to IW4Login, which will already allow users to login, even if the feature is not in production yet or enabled.

Server owners can enable the feature before it reaches production with a simple toggle on the IW4Admin dashboard, while getting notified about it with a notification banner for it. This should increase server participation substantially.

The launch of the feature should be synced to prevent players from simply switching to other servers, which have not enabled it yet, by having it enabled on most servers.

Example timeline

The feature is announced in January (random month). Not ready for production yet, but server owners get notified and can already sign-up for participation.
The website goes up, allowing users to login already, even if it does not have an effect yet.
Then users who join a server get notified, for example: "To play you will have to login soon. Visit iw4login.com to login and disable this notification." (So that there is at least some usage into logging in)
The feature is ready for production and goes live in two weeks. The in-game notifications adjust and display the countdown to the users. "In 14 days you will have to login to play. Visit iw4login.com to login and disable this notification."
Feature goes live and everyone is happy

Misc.

Display a login button on enabled IW4Admin dashboard for users to quickly find the IW4Login site.
The player base has a lot of Russians and other Slavic players who do not speak English well, also supporting Russian on the website and also displaying Russian notifications would be good.
The IW4Admin panel would get a hash of the user email as his ID, to prevent sharing unnecessary data with server owners.

GaryCraft commented 1 year ago

This could be better implemented as an oauth2 login flow, which could also use a generalized default system, and this would require a registration for each IW4M-Admin instance to the OAuth2 Provider, which could be facilitated, and also make every instance quite more secure, just by the logic of the standard, so no abuse can be done, account details are secured and so on...

More so, this would enable using any other already OAuth2-compatible services, maybe like GitHub, Google, and many many more to login.

or something like it... maybe?

vdawg-git commented 5 months ago

Sorry for the late reply. I am not really gaming anymore, but I still like the idea of making private CoD more playable.

Yes, OAuth2 would be awesome.

RaidMax / IW4M-Admin