User Identification Mechanisms

User Identification Mechanisms Using PlayFab and JWT for SpaceCreator Web Platform.

Introduction

In today's digital environment, ensuring user security and privacy is essential for any online platform, especially in applications like SpaceCreator. This document outlines the process of implementing a secure and robust user identification mechanism for the SpaceCreator web platform using PlayFab, based on the user's email and password, with JWT (JSON Web Token) added for even more secure authentication.

Setting Up Secure Login with PlayFab

PlayFab is a cloud service suite specifically designed for application developers that offers a variety of features, including user authentication.

Implementing Secure Login

The secure login process using PlayFab involves encrypting the password entered by the user before sending it to the PlayFab server. Using a secure hashing algorithm, such as bcrypt, protects users' passwords against potential unauthorized access attempts.

Creating a Shared Secret Between the User and the Server

To achieve proper encryption in communications between the client and server, a shared secret between the user and the server is used. The shared secret is created through the PlayFab Admin API and is subsequently used to obtain the application's public key.

Obtaining the Public Key and Encrypting the Payload

Once the shared secret has been obtained, the client uses that secret to request the public key. With the public key, the client can encrypt the content of login requests and properly protect user information.

Verifying Credentials and JWT Token Generation

The user credentials are sent to an API on our servers that communicates with PlayFab. Once that API receives validation from PlayFab, it generates a JWT and sends it back to the client. The client can use the token to identify itself on our platform and to call our APIs. The token is unique and ephemeral, ensuring that only the authenticated user has access to their account.
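The token step described above, as an added example rather than SpaceCreator's or PlayFab's own code: the server issues a short-lived JWT once PlayFab has validated the credentials, and verifies it on later API calls. The HS256 algorithm, the server-held key, the 15-minute lifetime and all function names are assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

SIGNING_KEY = secrets.token_bytes(32)  # assumption: HS256 key held only by the server
TOKEN_TTL = 900                        # assumption: 15-minute lifetime ("ephemeral")

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> str:
    mac = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256)
    return b64url_encode(mac.digest())

def issue_token(playfab_id: str, now=None) -> str:
    """Call only after PlayFab has validated the email/password pair."""
    now = int(time.time() if now is None else now)
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": playfab_id, "iat": now, "exp": now + TOKEN_TTL,
              "jti": secrets.token_hex(16)}  # random ID makes each token unique
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + sign(signing_input)

def verify_token(token: str, now=None):
    """Return the claims of an authentic, unexpired token, else None."""
    now = int(time.time() if now is None else now)
    try:
        head_b64, body_b64, sig = token.split(".")
        # Pin the algorithm server-side; the token must not choose it.
        if json.loads(b64url_decode(head_b64)).get("alg") != "HS256":
            return None
        # Constant-time comparison of the recomputed signature.
        if not hmac.compare_digest(sig, sign(head_b64 + "." + body_b64)):
            return None
        claims = json.loads(b64url_decode(body_b64))
        if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
            return None
    except (ValueError, TypeError, AttributeError):
        return None
    return claims
```

Every API handler would call `verify_token` on the presented token and reject the request when it returns `None`.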

Secure Communication Between Client and Server

The SpaceCreator web platform uses secure connections (HTTPS) to ensure that information transmitted between the client and server is protected against potential attacks.

In conclusion, implementing login with PlayFab, along with the use of JWT and proper encryption of login requests, provides a robust and secure user identification mechanism for the SpaceCreator web platform. Proper configuration and adherence to best practices ensure that user authentication is reliable and protected against potential security threats.
