# Authenticating requests made from the panorama


winter magnet

I'm going to add some in-game currency that people can earn by winning/daily login and then spend to unlock stuff, buy upgrades and wearables. These requests MUST be secured, so only the owner of the account can use the currency. Basically what I would like to achieve is to treat a piece of panorama as a simple website.

Is there a way to get a verifiable token (some JWT, OIDC access or id token or any other SECURE thing) "out of the box"? If this is not available (which would not surprise me at all), is there a way to make a button open a URL for OIDC in the browser and, after the user logs in on the website with their account, send the token from that auth flow back to the panorama? ||For starters, for sure it would need a login with Steam to make sure it's the same profile as the user currently playing, but maybe in the future I could make a multi-account login and allow users to link, for example, their Google account for easier access||

I know I could send requests to the Lua server and use DSKv3, but this solution bothers me in multiple ways:

  1. If someone could in any way generate DSKv3 (I heard somewhere that it is in fact possible), even if I generate a bunch of them and rotate them randomly, it would be useless and my users' currency would not be safe.
  2. Minor one, I'm not a fan of giving extra workload to the thing that runs the actual game
  3. I'd want IDEALLY to use a single websocket for both sending commands and receiving real-time updates of the user inventory, notifications and potentially (in-game, not Steam) trades/trade offers. Unfortunately sockets are not available in the Dota Lua API
  4. This could require implementing some APIs 2 times, one for the website and one for the game, which I'm not exactly a fan of

lofty leaf

nope, GetDedicatedServerKeyV3 is your only option