Cloud saves

[jeremyckahn]

~Add Google Drive-based authentication and support for cloud-based game saves~.

Users should be able to log into the game and save their files automatically to the cloud.

[jeremyckahn]

~For reference: https://developers.google.com/drive/api~

[jeremyckahn]

~We should be able to use https://github.com/anthonyjgrove/react-google-login for this.~

Never mind, the Google APIs that react-google-login depend on are deprecated: https://github.com/anthonyjgrove/react-google-login/issues/538

[jeremyckahn]

Using Google for cloud saves wound up being problematic. Their latest "one tap" login solution requires a 5-second delay before logging in upon revisiting the page. This would make for a poor UX. For now, I'm going to explore using Discord as the identity provider and storing the save files in a managed MongoDB database.

It looks like logging in via Discord should be achievable:

• https://discord.com/developers/docs/topics/oauth2
• https://discordjs.guide/oauth2/#implicit-grant-flow

[jeremyckahn]

It seems that the Discord strategy requires a backend for authentication. 😕 We don't have that aside from some serverless functions in Vercel right now, and I don't know if that's worth bringing in just for this.

I think I might set this task down for now and come back to it later. If anyone else wants to implement cloud save functionality, let me know!

[jeremyckahn]

We might also consider not using a third-party service for identity management. We could do it completely client-side and streamline the authentication process with the Credential Management API. I'm thinking that we could request a username and password from the user, hash the two strings together in the browser, and use that hashed result as the unique identifier for the user in the backend.

• Credential Management API demo
• Tutorial article

[jeremyckahn]

It occurred to me that the design described in my previous comment is prone to abuse. There's nothing stopping users from crafting API requests that would fill up any database we manage with junk data. I want to keep project infrastructure management to a minimum for Farmhand, so this may not be a path forward. Considering that, we may want to go back to using a third-party identity provider. Google has proven to be problematic, so perhaps we could consider Dropbox or GitHub accounts because such accounts could be used to store users' game data as well.

• https://www.kmaschta.me/blog/2017/03/04/github-oauth-authentication-without-server
• https://stackoverflow.com/questions/10290125/how-do-i-authenticate-a-dropbox-app-and-use-the-api-without-leaving-the-webpage

[jeremyckahn]

Rather than leveraging a specific cloud storage/identity provider to implement a cloud save system, I'd like to look towards using WebAuthn to identify users. We can use player's WebAuthn-based ID to tie them to their stored save data on the back end. This should hopefully prevent abuse and empower players to manage their Farmhand identity however they'd like to.