WilkinsonK
commented
8 months ago It might be simpler/better to use a simple access token ~16 chars that is passed into the URL where users are then 'trusted' to select their identity.
One way or another, auth flow might look something like this.
As a player, I would like to be able to return to a session that I have previously joined, if I am allowed. To do this, I will need to have some way to prove my authenticity, most likely via username/password.