Account Auth for 3rd Parties

A nice addition to the API would be account authentication for third parties (like Discord does.) I think this would be useful for developers, and other utilities that want to interact with the Teverse API. Perhaps OAuth2 would be nice.

Thanks :smiley:

3 Likes

Account Authentication is unique.

In Teverse, we already have a way to connect Discord accounts to users. Maybe, instead of API, we can add checks for Discord, or we can call authentication checks through the site.

i.e. if a Discord account is not tied to a Teverse account, it could return nil.

Your main point of being able to check for accounts is valid and something we should look into.

In my mind, I was thinking more of a feature where I can get an API token that is tied to account and then access the account through that. I’m not sure that we were on the same page.

For example, when you make a Discord bot, it gives you an API token that allows you to utilize the bot (and people can limit access.)

I don’t think that sending requests through Discord to (I’m not exactly sure) check for accounts???

In my mind, I was thinking more of a feature where I can get an API token that is tied to account and then access the account through that. I’m not sure that we were on the same page.

Oh, I see what you mean.

My apologies, my example was reversed from my intention. In the Teverse site, there is an option to tie an existing Discord account to your Teverse account. Should there not be a tied account that value will return as false. (The value of discord.connected = false)

There’s a teensy tiny problem to my example. Binary options do not authenticate users. Further, my fear is someone could say that users who do not have Discord can be removed from playing the level all together. But this is neither here, nor there, as we first need to establish accessing connected accounts. I’m interested in how Terabyte Services will come along, as it will be accessible on virtually any platform w/o requiring a Teverse account for end-users.

1 Like

That’s interesting though, as it’s could be a way for discord-teverse bots to work better.
As well as a way where if the verified user has permission to promote someone for example, it does that instead of having to login to a bot using a cookie etc.

We’ve implemented an OpenID provider with Teverse, but are yet to release custom client applications to developers.

3 Likes

Adding onto previous replies, I think that this feature is worth looking into.

However, I much rather have it be a distinction between two account types (normal users and bots). Normal users would be able to anything they please on the site (as they normally would). Bot users would be more restricted (i.e strict API enforcement but, open) but would have access to far more on the groups (community) and metrics (dev.) side of things.

Hopefully, this would mitigate the need to have users using their own account and leaking sensitive information as a result. Often times more than not, information gets passed to the wrong people and becomes a nuisance to our infrastructure (i.e botting games, posting group walls, botting groups, etc).

cc: @Jay , @Superioran

1 Like

This makes me think about how Discord handles bot accounts. I think a feature similar to that would be interesting. Definitely not a “right out of the gates” feature, though. Something good to think about.

1 Like

Maybe,
That can be completely bypassed all together. As then we don’t need bots.
I can work with Jay, and I can make a discord bot where essentially, if the user has perms to-do it in the group, they can promote someone in the group and it says that they did it.

cc: @Jay @Superioran @Sanjay

Sasial - the point in the API integration is to give more people access to the tools, rather than one developer. I like where you are thinking, however we want to prevent exclusivity in an open source environment.

The point of open source is to give everyone the ability to create tools and applications and levels that they can imagine in their mind. “Power to the people!”

Fair point.
But can’t you just provide an API for it under the user?
Like, instead of it being done through a bot account, maybe a way so that the user in question is auto-logged in?

In order to interface with any external program, you need to have a front-facing API. This can come into the form of libraries or a collection of public endpoints.

This can’t be more true. Discord bots only provides for one platform where a front-facing API can be applied to almost every platform imaginable. This, in essence, if we didn’t it would be incredibly restricting and wouldn’t give developers control.

Doing automated actions on a user account is a significant risk. Creating multiple accounts only makes that much worse as it would be harder to identify normal users from those that are used as bots. If user accounts are used, we’d have to put awkward and obtuse rate-limits that makes things that much harder.

The idea of bot accounts are, in theory, applications made by the user that uses the front-facing API to interact with Teverse in a secure and ethical way. We can apply rate-limits to those types of account without restricting normal user accounts and since it’s an application, multiple instances can be made under one singular account rather than a multitude of others.

My point though, is that instead of using bot account, the teverse JS wrapper or something should use the user’s account.

Well, no.
As the bot wouldn’t be for everyone in the group.
Just for the user.