Giter Site home page Giter Site logo

Comments (3)

gafferongames avatar gafferongames commented on May 19, 2024

I think that stuff is a great idea, eventually the backend matcher should be able to be extended (or integrated with your own matcher) that provides this auth, and then it creates the connect token to pass to the yojimbo dedicated server on connect. But I don't plan to add this functionality directly to yojimbo.

from yojimbo.

fire avatar fire commented on May 19, 2024

Can you leave details hints where this functionality can be added? It would be helpful.

I'm tempted to write my own backend just for fun. With elixir and maybe phoenix or grpc.

from yojimbo.

gafferongames avatar gafferongames commented on May 19, 2024

Take a look at matcher.go. Matcher.go is an example showing how a web backend can create and return a connect token to a client over HTTPS. The client then uses this connect token in secure_client.cpp to establish a secure connection to a yojimbo server (encrypted, authenticated via matcher), and if you are running secure_server.cpp, insecure connections are not allowed, all client connections must come in with connect tokens.

So the basic idea is that you extend matcher.go to create your own backend, or port the code in matcher.go to your own backend, perhaps in some different language, so you can create a connect token and return the matcher HTTPS response that the yojimbo client is expecting. Then, the whole OpenID stuff you would do on that backend, authenticating users, and only allowing OpenID authenticated users to request and receive connect tokens.

This way, the OpenID authentication in your backend is effectively transferred to yojimbo servers when you run them in secure mode (#define YOJMIBO_SECURE_MODE 1), because those servers only allow connections with connect tokens, and only users that have authenticated with OpenID are able to get connect tokens from your backend.

This is how the whole yojimbo thing is supposed to work. The connect tokens are the bridge between whatever auth you implement in your backend and the dedicated servers.

ps. Before you go into production with this, make sure you roll a new private key for the matcher (or your own backend), and the dedicated servers instances. The security of this system relies on the private key being known only to the backend and dedicated server instances.

cheers

  • Glenn

from yojimbo.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.