Wednesday, June 4, 2014

Logging In

One aspect of my previous projects which I liked was that you could log in using existing accounts on Google, Facebook, and others.  It is convenient for the user and it saves me from managing credentials.  Sounds like a win-win to me.  The only downside is that people can get confused which account they logged in with before.  I think the upside outweighs the confusion issue though.  I want the barrier of entry to be as low as possible.

Sites with Benefits leveraged Janrain for authentication.  I'm going to go a different route with Project Venice, Passport.  This solution was built for Node.js and supports a large number of authentication providers including Twitch and Steam.  To start with I am just going to use Google.   Well, that was the plan at least.  Instead, I was greeted with:  OpenID auth request contains an unregistered domain.  It seems Google has depreciated the OpenID method of authenticating for new sites.

The 'proper' way to do this now is with Google+.  Luckily, there is a Passport Strategy for this as well, so it is easy to plugin.  On the Google side, this post explains how to get started.

Initially, I tried to create OAuth2 tokens using my hosts IP address.  Google did not like that for the redirect URI, as it wanted a hostname.  I don't want to buy one quite yet, so I went to and created one.  Google is now happy with that.  

With Google+ authentication working, I went ahead and hooked up MongoDB so I can actually create a user.  I don't really want to use any of the name information I get from Google, so players will have to create a username when they log in.  That means I will also have to develop a filter to prevent obscene names. 

You can log in an try it out :)  Let me know if it works or not.  You won't receive any spam as the database won't last long.