How To Check If User Has Signed Up So As To Keep Them Logged In?

Hi,

I am currently setting up my own portal to access the coronaCloud functions.

Got leaderboards and news done, but my question is regarding single sign-on.

So lets say a user creates a new account in my game using the coronaCloudController.registerUser function.

Does that user need to sign in each time he opens the app from afresh?

Or can I call a function in corona-cloud-core.lua to check if user exists and therefore passses the currentAuthToken to sign in automatically?

Hey Icy Spark, you don’t need to log the user in every time if you already have the auth_token, you can just go ahead and use the auth_token with your calls.

-Mohamed

Hi Mohamed,

My question relates to when the user quits the app and comes back to it the next day for example.

Is it safe to save the authtoken to the documents folder, so that I can check there if it exists.  If so I can log them in without requesting the loginAPI.

Or how would you best do it.

I would really like the user to register then sign in only once, then never have to sign in again!

Hi Icy Spark,

What we’ve seen done in the past is you can encrypt and store the auth_token locally (either on file or a DB).

Then load it and use it, make sure you check for an error for example if the the token is invalid, where you would prompt the user to log-in.

Thanks

-Mohamed

That’s great Mohamed cheers for that.

I cant use crypto due to US laws etc, so how would I do that?

By using Corona Cloud (and most 3rd partys like ad networks & anylictics), you’ll be sending data over https which apparently falls under the crypto rule too:

http://blog.theanimail.com/iphone-encryption-export-compliance-for-apps-0

(They received their cert after contacting the US Gov in a followup blog post)

It is dated 2010, so no idea if it is still relevant, but I’d imagine so?

Unfortunately I can’t give you any legal advice on wether this is permitted or not.

What you can do in the absence of encryption, is to store the auth_token in a DB.

By no means this is equivalent to encryption, but I guess it will require more effort and knowledge for anyone to access.

Thanks

-Mohamed

Hey Icy Spark, you don’t need to log the user in every time if you already have the auth_token, you can just go ahead and use the auth_token with your calls.

-Mohamed

Hi Mohamed,

My question relates to when the user quits the app and comes back to it the next day for example.

Is it safe to save the authtoken to the documents folder, so that I can check there if it exists.  If so I can log them in without requesting the loginAPI.

Or how would you best do it.

I would really like the user to register then sign in only once, then never have to sign in again!

Hi Icy Spark,

What we’ve seen done in the past is you can encrypt and store the auth_token locally (either on file or a DB).

Then load it and use it, make sure you check for an error for example if the the token is invalid, where you would prompt the user to log-in.

Thanks

-Mohamed

That’s great Mohamed cheers for that.

I cant use crypto due to US laws etc, so how would I do that?

By using Corona Cloud (and most 3rd partys like ad networks & anylictics), you’ll be sending data over https which apparently falls under the crypto rule too:

http://blog.theanimail.com/iphone-encryption-export-compliance-for-apps-0

(They received their cert after contacting the US Gov in a followup blog post)

It is dated 2010, so no idea if it is still relevant, but I’d imagine so?

Unfortunately I can’t give you any legal advice on wether this is permitted or not.

What you can do in the absence of encryption, is to store the auth_token in a DB.

By no means this is equivalent to encryption, but I guess it will require more effort and knowledge for anyone to access.

Thanks

-Mohamed