You are viewing...

Cross Domain Authentication

Updated on December 08, 2010 at the 16th hour
Posted under:

DISCLAIMER: Expressed views on this blog are my own.

What is cross domain authentication?

I believe it is a scenario where one website completely separated from another (meaning it cannot legally access cookies of another domain) and provides its own services, wants to authenticate a user and delegates all login authentication services to another web site. An example of this is Facebook Connect, where users on an application login to facebook through facebook connect and is authenticated through that system.

Why am I looking at this?

I want to create Excerion Games website as the main portal for all of its games, so it will contain the accounts while the games contain the characters. Logging onto Excerion Games will allow a user to go to one of our games and choose a character to start the game immediately. This allows a seamless transition between any game we create. One practical scenario might be if I wanted to go on Dark Gale for a little while, then got bored and wanted to go a new hypothetical Excerion Games game and choose my character without having to login again, then I see it as a benefit and less of a frustration as I might type the password wrong and get banned from logging in for 15 minutes.

What are the option for doing this so far?

Well, for one, I am thinking of forgetting this issue entirely and having each game look at the sessions table stored inside of Excerion Games. There are no hurdles to this solution, it might as well be backward compatible with my existing login system, and is probably the most secure way of doing this.

The second solution seems to be to create an Excerion Games API where games will send a request for login credentials, not in plain text, and use that to login to games. This would be an exclusive external API.

The last solution includes the use of Javascript and Ajax. I would create a Javascript class specifically for login, use Ajax to request certain things from Excerion Games, and then populate values in the Javascript class from the Ajax request which can then be used for  handshake functions with Excerion Games. Not the most thought out of solutions, but it seems to work in my head.

What am I doing so far?

Still planning a way to do this. In the meantime, I am looking at how facebook does this in general as how they do it exactly is not what I want.

You just read "Cross Domain Authentication". Please share if you liked it!
You can read more recent posts here.