I'm wanting to allow users to create an account on my server automatically using their Game Center account. When my iOS app opens up it requires a connection and authentication with an XMPP server in order to communicate with the game server. I'm trying to find something in GKLocalPlayer that is private to a logged in device that I could use to create/validate a remote user login, but the only thing that seems to be unique to the player is their playerID which is fairly public.
I don't really want to use GameCenter for everything because then it partitions my user base to only iOS devices.
From developer.apple.com
... if your application connects to your own network services, you can use the player identifier on your service to save data there as well.
Since the player identifier isn't private, how sure can we be sure that this isn't being faked?
Everything in GKLocalPlayer
can be faked. Same can be said for UIDevice
.
A better strategy is to assign private session data to each device that connects and provide means to link device sessions to accounts via a verification email. Perhaps include the playerID
to allow interaction with GameKit data, but not as a means of identification.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With