Difference between revisions of "Third Party Authentication"

From King Arthur's Gold Wiki
Jump to: navigation, search
m
Line 1: Line 1:
 
The [[API]] has a number of security features which are used internally by the game client and other KAG systems.  While document partially or in full, these are not intended for public use.
 
The [[API]] has a number of security features which are used internally by the game client and other KAG systems.  While document partially or in full, these are not intended for public use.
  
In theory these API features can be used to allow 3rd party sites and applications to emulate a "single sign-on" type of usage, however the problem is that this can train users/players to think that it is okay to plug their KAG account information into any site that asks for it.  This is not unique to KAG's authentication, but rather any single sign-on type of implementation.  If enough community devs would like this to be offered as a proper service, it may be planned for proper support in the future (with API keys distributed to those consuming it in sites).  Please provide feedback as documented at [[API Feature Planning]]
+
In theory these API features can be used to allow 3rd party sites and applications to emulate a "single sign-on" type of usage, however the problem is that this can train users/players to think that it is okay to plug their KAG account information into any site that asks for it.  This is not unique to KAG's authentication, but rather any single sign-on type of implementation.  If enough community devs would like this to be offered as a proper service, it may be planned for proper support in the future (with API keys distributed to those consuming it in sites).  Please provide feedback as documented at [[API Feature Planning]].
  
 
'''If''' you are thinking about using the security mechanisms as a single sign-on, please contact FliesLikeABrick at ryan@u13.net (or forum PM/Conversation) for the following:
 
'''If''' you are thinking about using the security mechanisms as a single sign-on, please contact FliesLikeABrick at ryan@u13.net (or forum PM/Conversation) for the following:

Revision as of 21:10, 12 March 2012

The API has a number of security features which are used internally by the game client and other KAG systems. While document partially or in full, these are not intended for public use.

In theory these API features can be used to allow 3rd party sites and applications to emulate a "single sign-on" type of usage, however the problem is that this can train users/players to think that it is okay to plug their KAG account information into any site that asks for it. This is not unique to KAG's authentication, but rather any single sign-on type of implementation. If enough community devs would like this to be offered as a proper service, it may be planned for proper support in the future (with API keys distributed to those consuming it in sites). Please provide feedback as documented at API Feature Planning.

If you are thinking about using the security mechanisms as a single sign-on, please contact FliesLikeABrick at ryan@u13.net (or forum PM/Conversation) for the following:

  • Additional API usage details
  • A brief discussion about your plans
  • Some requirements that may be placed on your use of it, such as the inclusion of a warning to users that they are trusting you with their username and password

Failure to contact him before using the API for username/password authentication in a 3rd party site may result in a full block of your site in the API - meaning you can no longer query for basic information such as player profiles, user statistics or any future features.