Open mikecann opened 8 months ago
I just had a thought.
Is the "player_id" returned from `signIn` unique per app? That is, if the same user logs into AppA and AppB, will `signIn` return two different ids?
If this is the case then we could effectively treat the "player_id" as a secret token (so long as we don't publicly expose it) as it is not guessable.
Thoughts?
Hi, thanks for creating this plugin.
The issue is that the data that `signIn` returns is only very basic (player_name, player_id) and doesn't contain enough information to be able to do server-side validation of this user. This is an issue as we cannot simply trust the ID that the client sends to the server.
For iOS I notice this code: https://github.com/openforge/capacitor-game-connect/blob/main/ios/Plugin/CapacitorGameConnect.swift#L16
And looking up the docs: https://developer.apple.com/documentation/gamekit/gklocalplayer I can see that there is a bunch of stuff that is omitted that would allow us to do the server-side validation.
May I ask why it has been omitted and if it is possible to add it?
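
A sketch of the server-side check this issue asks for, as an added example that is not part of the original posts or of the plugin: the server rebuilds the signed payload from the claimed player ID and its own configured bundle ID, then verifies an RSA/SHA-256 signature over it, so a bare or replayed ID is rejected. The payload layout is assumed to follow Apple's documented GKLocalPlayer identity-verification scheme; the bundle IDs, player IDs, claim field names, replay window and the locally generated key pair are constructed for the demo.

```javascript
// Added example, not the plugin's code: verify a signed player identity on the server.
const crypto = require('node:crypto');

const BUNDLE_ID = 'com.example.appa'; // hypothetical; server-side config, never taken from the client
const MAX_AGE_MS = 5 * 60 * 1000;     // assumed replay window for the signed timestamp

// Assumed signed layout: playerId (UTF-8) || bundleId (UTF-8) || timestamp (uint64 BE) || salt
function signedPayload(playerId, bundleId, timestampMs, salt) {
  const ts = Buffer.alloc(8);
  ts.writeBigUInt64BE(BigInt(timestampMs));
  return Buffer.concat([Buffer.from(playerId, 'utf8'), Buffer.from(bundleId, 'utf8'), ts, salt]);
}

// publicKey: key from the signer's certificate, after the server has validated
// that certificate (fetching it and checking its chain are not shown here).
function verifyPlayer(claim, publicKey, nowMs = Date.now()) {
  const age = nowMs - claim.timestampMs;
  if (!(age >= 0 && age <= MAX_AGE_MS)) return 'stale';
  // The payload is rebuilt with the server's own bundle ID, so a signature
  // issued for a different app cannot verify here.
  const payload = signedPayload(claim.playerId, BUNDLE_ID, claim.timestampMs, claim.salt);
  return crypto.verify('sha256', payload, publicKey, claim.signature) ? 'ok' : 'bad-signature';
}

// Constructed test data: a locally generated RSA key stands in for the platform's signing key.
function constructedClaim(privateKey, playerId, bundleId, timestampMs) {
  const salt = crypto.randomBytes(16);
  const payload = signedPayload(playerId, bundleId, timestampMs, salt);
  return { playerId, timestampMs, salt, signature: crypto.sign('sha256', payload, privateKey) };
}

const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const now = Date.now();
const genuine = constructedClaim(privateKey, 'constructed-player-1', BUNDLE_ID, now);
const otherApp = constructedClaim(privateKey, 'constructed-player-1', 'com.example.appb', now);

console.log('genuine claim:       ', verifyPlayer(genuine, publicKey, now));
console.log('swapped player id:   ', verifyPlayer({ ...genuine, playerId: 'constructed-player-2' }, publicKey, now));
console.log('signed for other app:', verifyPlayer(otherApp, publicKey, now));
console.log('replayed later:      ', verifyPlayer(genuine, publicKey, now + MAX_AGE_MS + 1));
```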