Post by JackPrograms in Enable a way for browser games to access the username of current player

Viewing post in Enable a way for browser games to access the username of current player

The issue is cookies get wiped all the time, and don’t transfer between browsers. There could be, as I’ve said many times, a unique identifier (probably formed with a one way hash + salt between games and stuff) that has no real direct link with an account, but allows people to sync data with the account via a developers’ server.

Then the user would provide a username (in a text box in game or something, and thus the account is linked with a UID & a user provide account name, without any sensitive itch.io data sent.)

I think it would be so cool to have a game where you have user made maps, game saves, friends lists and all that sort of stuff without needing to worry about logins and that complicated sort of stuff.

It’s also probably worse (security wise) to have all these “amateur developers” you speak about, who want to do stuff like this handling user passwords and that sort of data.

Like Reply

redonihunter56 days ago

I think it would be so cool to have a game where you have user made maps, game saves, friends lists and all that sort of stuff without needing to worry about logins and that complicated sort of stuff.

Yes. But for this, Itch needs a major overhaul. Maybe starting with friends lists and direct messages and such. Oh, and direct messages won't be coming any time soon, because they are a moderation nightmare. They would need some concepts that are low maintenance. User interactions of any sort are not low maintenance as a rule. If it were easy, such features would be seen on Itch since long ago. This thread is 5 years old. And was recently bumped. I just wanted to add my todays perspective: it is a bad idea.

And leafo already said, if such a feature would be done, it would be opt in. And it would have to be per developer. Quite a lot of permission data. But asking users to share their information with (amateur and unknown) devs is a bit wobbly. Who would guarantee that no illicit things are tried with the data? And Itch is constantly under attack. There are hacked accounts every day. Most are from discord hacks or downloaded fake games. But if there are ways of attack that can utilize browser games, scammers will use this in some way. If they are successfull often is another story, but they will use and try to abuse the system. Browser games are "safe" because they run in a sandbox in the browser. Any kind of unneccesary exposure is a risk. Also, some people would be very concerned about privacy. Just because you probably won't be hacked, does not mean you would want to see your name somehwere. Opt in is nice on paper, but it does not work as a concept. There are just too many things the average user does not grasp, what such an opt in would entail.

The reason there are no examples is that the feature isn’t fully implemented. Most traffic doesn’t use the itch.io app for web games, so it would prevent most users from using the feature.

If the needed api would require the usage of the Itch app, all this is moot wishfull thinking anway. And the api that already is there is not used? I mean, not web games specifically, but no games at all? (That you know of). Too exotic a use case for the mostly drm free games maybe. I have seen drm games, but very, very few. I could not name it, actually, I just dimly remember seeing games that had some kind of launcher or login data or whatever.

Like Reply

JackPrograms56 days ago(+3)

Yes. But for this, Itch needs a major overhaul.

Wrong, the whole point is that user made maps, game saves, friends lists and all that sort of stuff would be implemented game by game. If we passed a UID to web games, you could store all this data (saves, maps, etc) in a database and have it associated with a user w/o each game having a login, sorta like OAuth, but you don’t even need to pass any user data to developers.

User interactions would only happen in game. Very little if any work from itch, other than generating & sending in a UID.

You don’t need to send much of any user data to implement all of this.

the api that already is there is not used?

People develop stuff for other people, there’s no point in putting a lot of time into a cloud save system & friends lists & full multiplayer synced with itch.io if 99% of people on the platform can’t/don’t use it.

Like Reply

redonihunter56 days ago

Uhm.

Implemented game by game? You serious?

Stored in a database by the developer? On which server?

You seem to talk about stuff that would be in a web game that has no need to be hosted on Itch to begin with. Itch web games are from small indie and amateur developers. They usually do not have the ressources nor the expertise to implement all these things on top of their game. And if they do, they do not need the profile info to do login stuff. Better yet, if they do it on their own, they are not limited to host on Itch.

I did not mean that the other things are requirements with that overhaul. I meant that the feature on its own is not a good idea. It does not fit with the rest of Itch's features and how privacy is handled and how players interact with each other while playing a game.

Like Reply

Josep Valls56 days ago (1 edit) (+2)

Agreed with JackPrograms. We are not talking about steam workshop here. Just an id that I can handle in the backend myself. Ideally there would be a display name as well so that every developer doesn’t need to implement their own spam and swearword detection in each game. And logged out users can be identified as well and we can decide if we want to randomize or just display something like “anonymous logged out user” as display name when the id is null.

Like Reply