-
Notifications
You must be signed in to change notification settings - Fork 263
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feature]: A URI handler could streamline inviting players to connect to your server #5075
Comments
It would also be nice to see the link added to |
Ooh, I hadn't thought of that. Yes, that would streamline notifications. An addon that implemented it would need a warning that every player gets sent the webhook URL including security token in the campaign state so it's not a good idea to use if you run a public game. Perhaps it would be useful to expose some cryptography primitives to MTScript so that it would be possible to implement per-user secret data by encrypting it with a random key and storing that key encrypted by the public keys of every user who should be able to read it in the header of the data. |
Not sure why you need to have a security token since current MT login process can handle this for you. Easy connect allows for a way to accept unknown public keys only once the GM has verified who the user is, and verified public keys can be allowed to connect with no further verification after this process. If you do need to limit known public keys for a URI for different groups then add a randomized id or token to uri which can also be recorded against public keys. This way there is nothing the GM could paste/reveal that should have been encrypted as a secret as authentication still needs to happen and is not part of the URI. You could also limit webhook on get info to GM only In any case to bypass this would only open up more places there could be potential security issue. The once off sharing of numbers to allow connection shouldn't be too burdensome, multi factor auth is becoming very prevalent the days |
I meant protecting the security token that's in the webhook URL rather than adding additional tokens to the connection URL.
Yep, need to recommend in the addon's documentation that storing a webhook URL in your campaign should only be used with pubkey auth.
Yep, sounds like we agree it's it's more useful to use EasyConnect with PIN and maybe add a URI the GM can click to accept a connection than add a new token-based auth scheme. |
Describe the Problem
When starting a game with my group I have to announce via discord that I have started the server.
Automatically prompting my players to join would be ideal, but manually prompting with a link that contains everything they need to join that they can just click would make the process smoother.
Apart from making it a single click, this could include any additional connection parameters and remove the need to go back and forth explaining how to connect.
The Solution you'd like
When the GM starts the server a URI is copied to their clipboard, they can go to connection information to find copyable text and buttons for links to connect.
Alternatives that you've considered.
No response
Additional Context
No response
The text was updated successfully, but these errors were encountered: