Mirror/doc/Guides/Authentication.md

# Authentication

When you have a multiplayer game, often you need to store information about your player for later games, keep game stats or communicate with your friends. For all these use cases, you often need a way to uniquely identify a user. Being able to tell users apart is called authentication. There are several methods available, some examples include:
-   Ask the user for username and password
-   Use a third party oath or OpenID identity provider, such as Facebook, Twitter, Google
-   Use a third party service such as PlayFab, GameLift or Steam
-   Use the device id, very popular method in mobile
-   Use Google Play in Android
-   Use Game Center in IOS
-   Use a web service in your website

## Encryption Warning

By default Mirror uses Telepathy, which is not encrypted, so if you want to do authentication through Mirror, we highly recommend you use a transport that supports encryption.

## Basic Authenticator

Mirror includes a [Basic Authenticator](../Components/Authenticators/Basic.md) in the Mirror / Authenticators folder which just uses a simple username and password.

## Custom Authenticators

Authenticators are derived from an `Authenticator` abstract class that allows you to implement any authentication scheme you need.

To make your own custom Authenticator, you can just create a new script in your project (not in the Mirror folders) that inherits from `Authenticator` and override the methods as needed.
-   When a client is authenticated to your satisfaction, you simply call `base.OnServerAuthenticated.Invoke(conn)` and `base.OnClientAuthenticated.Invoke(conn)` on the server and client, respectively.  Mirror is listening for these events to proceed with the connection sequence.
-   In the inspector you can optionally subscribe your own methods to the OnServerAuthenticated and OnClientAuthenticated events.

Here are some tips for custom Authenticators:
-   `OnStartServer` and `OnStartClient` are the appropriate methods to register server and client messages and their handlers.  They're called from StartServer/StartHost, and StartClient, respectively.
    -   `RegisterMessage` has a boolean parameter `requireAuthentication`.  This defaults to true and **must** be specified false for any messages you need to exchange with the client before they're authenticated.
-   Send a message to the client if authentication fails, especially if there's some issue they can resolve.
-   Call the `Disconnect()` method of the `NetworkConnection` on the server and client when authentication fails. If you want to give the user a few tries to get their credentials right, you certainly can, but Mirror will not do the disconnect for you.

    -   Remember to put a small delay on the Disconnect call on the server if you send a failure message so that it has a chance to be delivered before the connection is dropped.
-   `NetworkConnection` has an `AuthenticationData` object where you can drop a class instance of any data you need to persist on the server related to the authentication, such as account id's, tokens, character selection, etc.

Now that you have the foundation of a custom Authenticator component, the rest is up to you. You can exchange any number of custom messages between the server and client as necessary to complete your authentication process before approving the client.
Document authentication (#575) 2019-03-09 22:01:35 +00:00			`# Authentication`

Updated Authentication doc 2019-07-06 20:32:21 +00:00			`When you have a multiplayer game, often you need to store information about your player for later games, keep game stats or communicate with your friends. For all these use cases, you often need a way to uniquely identify a user. Being able to tell users apart is called authentication. There are several methods available, some examples include:`
			`- Ask the user for username and password`
			`- Use a third party oath or OpenID identity provider, such as Facebook, Twitter, Google`
			`- Use a third party service such as PlayFab, GameLift or Steam`
			`- Use the device id, very popular method in mobile`
			`- Use Google Play in Android`
			`- Use Game Center in IOS`
			`- Use a web service in your website`

feat: Authentication Framework (#1057) * Component-based Authentication * Capitalized IsAuthenticated * Added isAuthenticated to NetworkConnection * Removed activeAuthenticator as unnecessary * Removed unnecessary using * Added more comments * Documentation * Added cs to code blocks in doc * fixed typo in doc * Doc improvements * Fixed another typo in doc * Removed HideInInspector * Updated doc and image * Fixed comment * Added inspector header and tooltips * Fixed typo * Add AuthenticationData object * Add a bullet point in the doc about AuthenticationData * Updated screenshot image * Added HelpURL attribute * Added Initializers for both Server and Client * Fixed doc grammar and phrasing * Forgot to add the ClientInitialize in StartHost * Updated doc with info about the initializers * Changed initializers from bool to void. * Eliminated the abstract model and renamed to NetworkAuthenticator and made all methods virtual * Fixed comment * Fixed typo * Doc cleanup * Doc Cleanup * authenticator RemoveAllListeners in StopServer and StopClient * Update Assets/Mirror/Runtime/NetworkManager.cs Co-Authored-By: vis2k <info@noobtuts.com> * Changes requested by Vis * reverted conflicting change * Revert "reverted conflicting change" This reverts commit f65870e073e069118207d1a7abee875b347cfb60. * UnityEditor.Undo.RecordObject * made the name camelCase * Added internal methods and On prefix to methods * Reverted this change so it can be done in a separate PR * Moved authenticator calls to after runInBackground * Add built-in timeout feature * Changed UnityEditor.Undo.RecordObject to use gameobject * Convert to Abstract, add Basic Authenticator, update docs. * Removed timeout, against my better judgement. * Removed the rest of timeout, still against my better judgement * Fixed event listener mappings * Renamed and consolidated methods * updated doc and image * made OnClientAuthenticate and OnServerAuthenticate abstract * Updated Debug log msgs * changed to authenticator != null * Renamed to NetworkAuthenticator 2019-09-17 08:41:04 +00:00			`## Encryption Warning`

			`By default Mirror uses Telepathy, which is not encrypted, so if you want to do authentication through Mirror, we highly recommend you use a transport that supports encryption.`

Added Authenticators section 2019-09-21 04:28:30 +00:00			`## Basic Authenticator`

			`Mirror includes a [Basic Authenticator](../Components/Authenticators/Basic.md) in the Mirror / Authenticators folder which just uses a simple username and password.`

feat: Authentication Framework (#1057) * Component-based Authentication * Capitalized IsAuthenticated * Added isAuthenticated to NetworkConnection * Removed activeAuthenticator as unnecessary * Removed unnecessary using * Added more comments * Documentation * Added cs to code blocks in doc * fixed typo in doc * Doc improvements * Fixed another typo in doc * Removed HideInInspector * Updated doc and image * Fixed comment * Added inspector header and tooltips * Fixed typo * Add AuthenticationData object * Add a bullet point in the doc about AuthenticationData * Updated screenshot image * Added HelpURL attribute * Added Initializers for both Server and Client * Fixed doc grammar and phrasing * Forgot to add the ClientInitialize in StartHost * Updated doc with info about the initializers * Changed initializers from bool to void. * Eliminated the abstract model and renamed to NetworkAuthenticator and made all methods virtual * Fixed comment * Fixed typo * Doc cleanup * Doc Cleanup * authenticator RemoveAllListeners in StopServer and StopClient * Update Assets/Mirror/Runtime/NetworkManager.cs Co-Authored-By: vis2k <info@noobtuts.com> * Changes requested by Vis * reverted conflicting change * Revert "reverted conflicting change" This reverts commit f65870e073e069118207d1a7abee875b347cfb60. * UnityEditor.Undo.RecordObject * made the name camelCase * Added internal methods and On prefix to methods * Reverted this change so it can be done in a separate PR * Moved authenticator calls to after runInBackground * Add built-in timeout feature * Changed UnityEditor.Undo.RecordObject to use gameobject * Convert to Abstract, add Basic Authenticator, update docs. * Removed timeout, against my better judgement. * Removed the rest of timeout, still against my better judgement * Fixed event listener mappings * Renamed and consolidated methods * updated doc and image * made OnClientAuthenticate and OnServerAuthenticate abstract * Updated Debug log msgs * changed to authenticator != null * Renamed to NetworkAuthenticator 2019-09-17 08:41:04 +00:00			`## Custom Authenticators`

Added Authenticators section 2019-09-21 04:28:30 +00:00			Authenticators are derived from an `Authenticator` abstract class that allows you to implement any authentication scheme you need.
Culled some docs in favor of API, moved a few, navigation. 2019-09-19 11:00:50 +00:00
feat: Authentication Framework (#1057) * Component-based Authentication * Capitalized IsAuthenticated * Added isAuthenticated to NetworkConnection * Removed activeAuthenticator as unnecessary * Removed unnecessary using * Added more comments * Documentation * Added cs to code blocks in doc * fixed typo in doc * Doc improvements * Fixed another typo in doc * Removed HideInInspector * Updated doc and image * Fixed comment * Added inspector header and tooltips * Fixed typo * Add AuthenticationData object * Add a bullet point in the doc about AuthenticationData * Updated screenshot image * Added HelpURL attribute * Added Initializers for both Server and Client * Fixed doc grammar and phrasing * Forgot to add the ClientInitialize in StartHost * Updated doc with info about the initializers * Changed initializers from bool to void. * Eliminated the abstract model and renamed to NetworkAuthenticator and made all methods virtual * Fixed comment * Fixed typo * Doc cleanup * Doc Cleanup * authenticator RemoveAllListeners in StopServer and StopClient * Update Assets/Mirror/Runtime/NetworkManager.cs Co-Authored-By: vis2k <info@noobtuts.com> * Changes requested by Vis * reverted conflicting change * Revert "reverted conflicting change" This reverts commit f65870e073e069118207d1a7abee875b347cfb60. * UnityEditor.Undo.RecordObject * made the name camelCase * Added internal methods and On prefix to methods * Reverted this change so it can be done in a separate PR * Moved authenticator calls to after runInBackground * Add built-in timeout feature * Changed UnityEditor.Undo.RecordObject to use gameobject * Convert to Abstract, add Basic Authenticator, update docs. * Removed timeout, against my better judgement. * Removed the rest of timeout, still against my better judgement * Fixed event listener mappings * Renamed and consolidated methods * updated doc and image * made OnClientAuthenticate and OnServerAuthenticate abstract * Updated Debug log msgs * changed to authenticator != null * Renamed to NetworkAuthenticator 2019-09-17 08:41:04 +00:00			To make your own custom Authenticator, you can just create a new script in your project (not in the Mirror folders) that inherits from `Authenticator` and override the methods as needed.
			- When a client is authenticated to your satisfaction, you simply call `base.OnServerAuthenticated.Invoke(conn)` and `base.OnClientAuthenticated.Invoke(conn)` on the server and client, respectively. Mirror is listening for these events to proceed with the connection sequence.
			`- In the inspector you can optionally subscribe your own methods to the OnServerAuthenticated and OnClientAuthenticated events.`

			`Here are some tips for custom Authenticators:`
			- `OnStartServer` and `OnStartClient` are the appropriate methods to register server and client messages and their handlers. They're called from StartServer/StartHost, and StartClient, respectively.
Culled some docs in favor of API, moved a few, navigation. 2019-09-19 11:00:50 +00:00			- `RegisterMessage` has a boolean parameter `requireAuthentication`. This defaults to true and must be specified false for any messages you need to exchange with the client before they're authenticated.
feat: Authentication Framework (#1057) * Component-based Authentication * Capitalized IsAuthenticated * Added isAuthenticated to NetworkConnection * Removed activeAuthenticator as unnecessary * Removed unnecessary using * Added more comments * Documentation * Added cs to code blocks in doc * fixed typo in doc * Doc improvements * Fixed another typo in doc * Removed HideInInspector * Updated doc and image * Fixed comment * Added inspector header and tooltips * Fixed typo * Add AuthenticationData object * Add a bullet point in the doc about AuthenticationData * Updated screenshot image * Added HelpURL attribute * Added Initializers for both Server and Client * Fixed doc grammar and phrasing * Forgot to add the ClientInitialize in StartHost * Updated doc with info about the initializers * Changed initializers from bool to void. * Eliminated the abstract model and renamed to NetworkAuthenticator and made all methods virtual * Fixed comment * Fixed typo * Doc cleanup * Doc Cleanup * authenticator RemoveAllListeners in StopServer and StopClient * Update Assets/Mirror/Runtime/NetworkManager.cs Co-Authored-By: vis2k <info@noobtuts.com> * Changes requested by Vis * reverted conflicting change * Revert "reverted conflicting change" This reverts commit f65870e073e069118207d1a7abee875b347cfb60. * UnityEditor.Undo.RecordObject * made the name camelCase * Added internal methods and On prefix to methods * Reverted this change so it can be done in a separate PR * Moved authenticator calls to after runInBackground * Add built-in timeout feature * Changed UnityEditor.Undo.RecordObject to use gameobject * Convert to Abstract, add Basic Authenticator, update docs. * Removed timeout, against my better judgement. * Removed the rest of timeout, still against my better judgement * Fixed event listener mappings * Renamed and consolidated methods * updated doc and image * made OnClientAuthenticate and OnServerAuthenticate abstract * Updated Debug log msgs * changed to authenticator != null * Renamed to NetworkAuthenticator 2019-09-17 08:41:04 +00:00			`- Send a message to the client if authentication fails, especially if there's some issue they can resolve.`
			- Call the `Disconnect()` method of the `NetworkConnection` on the server and client when authentication fails. If you want to give the user a few tries to get their credentials right, you certainly can, but Mirror will not do the disconnect for you.

			`- Remember to put a small delay on the Disconnect call on the server if you send a failure message so that it has a chance to be delivered before the connection is dropped.`
			- `NetworkConnection` has an `AuthenticationData` object where you can drop a class instance of any data you need to persist on the server related to the authentication, such as account id's, tokens, character selection, etc.

			`Now that you have the foundation of a custom Authenticator component, the rest is up to you. You can exchange any number of custom messages between the server and client as necessary to complete your authentication process before approving the client.`