15:28 <+bridge> [ddnet] @deen https://ddnet.tw/stats/ max player count is now out of date, currently 2400 :) 15:31 <+bridge> [ddnet] @Patiga this page is updated nightly, see bottom: Refreshed: 2021-03-12 05:59 15:34 <+bridge> [ddnet] oh, nice 18:31 <+bridge> [ddnet] @Learath2 cough 18:31 <+bridge> [ddnet] :monkalaugh: 18:32 <+bridge> [ddnet] :monkaS: 18:32 <+bridge> [ddnet] couaccountsgh 18:34 <+bridge> [ddnet] @Learath2 we have actually some kind of paradox, since we want polls across all servers and some want accounts we may need to make a poll for accounts when a poll needs accounts 18:34 <+bridge> [ddnet] Ok forget this i was just trolling 18:34 <+bridge> [ddnet] :monkalaugh: :monkalaugh: 18:34 <+bridge> [ddnet] No poll for accounts please 18:35 <+bridge> [ddnet] accounts in some way are just coming, I think. the question is "how?" 18:35 <+bridge> [ddnet] I understand cosmetics I understand ux changes but something so core shouldn’t be polled... 18:35 <+bridge> [ddnet] I rly dont want hats 18:35 <+bridge> [ddnet] i want hats 18:35 <+bridge> [ddnet] anyone interested in WIP https serverbrowse clients? 18:35 <+bridge> [ddnet] it doesnt need to be tied to accounts 18:35 <+bridge> [ddnet] but hats will be very coo. 18:35 <+bridge> [ddnet] Do u have a https master? 18:36 <+bridge> [ddnet] I have a https master. it's called a script that dumps stuff into a file, and nginx 18:36 <+bridge> [ddnet] Hmm 18:36 <+bridge> [ddnet] Yes, I will be writing a summary of what I think so far on the issue and I’ll try to work with @Zodiac to come up with a complete proposal. It seems no one else is interested in forming the proposal together 18:36 <+bridge> [ddnet] Hey 18:36 <+bridge> [ddnet] I want in too 18:37 <+bridge> [ddnet] If we have something complete maybe we can resume discussing on it and make changes to that 18:39 <+bridge> [ddnet] The amount of university material I need to get through is mind boggling and on top of that I seem to have even less ability to focus this week 18:39 <+bridge> [ddnet] I’m really starting to believe I got cursed πŸ˜› 18:40 <+bridge> [ddnet] :monkalaugh: 18:45 <+bridge> [ddnet] https://github.com/ddnet/ddnet/issues/3666#issuecomment-797650176 18:45 <+bridge> [ddnet] > Remaining questions: How can the client detect that the response from a master server is stale? Should the client contact a second HTTPS master? When? How does the client choose which master to contact? It would be nice if it could select a geographically close one. Perhaps do a race? Unclear how to do this with curl, it's caching connections. 18:46 <+bridge> [ddnet] ideas? also taking them on discord 18:48 <+bridge> [ddnet] I replied on gh 18:56 <+bridge> [ddnet] replied again 18:59 <+bridge> [ddnet] re no one else is interested in forming a proposal: are you referring to me not accepting a "good enough" solution and instead overengineering it? πŸ˜› 19:01 <+bridge> [ddnet] other than that I consider myself interested πŸ˜‰ 19:15 <+bridge> [ddnet] Well it’d be nice to see your goals, desirables, undesirables for the feature 19:17 <+bridge> [ddnet] I mean it’s arguably indeed possible to re implement the entire protocol and implement a decentralized accounts system and implement blockchain to fix the naming issue. But it’s not very realistic we could take on something of that size given we usually all just work alone on our features 19:19 <+bridge> [ddnet] Asymmetric cryptography makes some features that will be desirable for an account system for games actually rather tough unsolved problems 19:20 <+bridge> [ddnet] Like account recovery for an unsolved one. Though whatsapp has it figured out somehow maybe we could take a look there 19:21 <+bridge> [ddnet] We could store encrypted private keys for users using a more traditional password, but that requires two passwords one that we know and a separate recovery key that we don’t etcetcetc 19:24 <+bridge> [ddnet] There are many avenues to look into and before looking into them we need to know what we are looking for. Are we looking for a more centralized approach like OAuth maybe or a semi centralized approach where we host the address book, do we want a separate auth server handling this, maybe a decentralized approach but only on the serverside with a kerberos like solution. 19:26 <+bridge> [ddnet] Currently if I had to roll it out ASAP I would go for an OAuth like infrastructure as most players don’t really care to store 32 word tokens safely with no other form of recovery 20:12 <+bridge> [ddnet] can we change this, or are we stricly against centering skins in scoreboard xd 20:12 <+bridge> [ddnet] https://cdn.discordapp.com/attachments/293493549758939136/820011306996072468/unknown.png 20:17 <+bridge> [ddnet] this is how it looks like centered, tees are also too huge generally: 20:17 <+bridge> [ddnet] https://cdn.discordapp.com/attachments/293493549758939136/820012641308114994/unknown.png 20:22 <+bridge> [ddnet] http servers seem to serve their current time. maybe we could compare that to the last-modified header 20:26 <+bridge> [ddnet] Google only having a dark mode on chrome is the most annoying thing I've heard in a decade 20:26 <+bridge> [ddnet] if u wanted to roll it asap u would do it simple like any website 20:27 <+bridge> [ddnet] I personally wouldn't sacrifice letting other servers use our accounts 20:27 <+bridge> [ddnet] i would use a jwt token and a refresh token thingy 20:27 <+bridge> [ddnet] but as I said I only know my and Zodiac and maybe your positions on this 20:28 <+bridge> [ddnet] I personally wouldn't really bother with the JWT you have to check if it's current with the backend either way, it's a waste of space imo 20:29 <+bridge> [ddnet] A nice session token with a quick in memory key value store is very hard to beat for me when it comes to authentication 20:29 <+bridge> [ddnet] maybe if I was doing microservices 20:29 <+bridge> [ddnet] I want to take the crypto stuff as a foundation only. let people register their key to an email address by typing /register or so, and verifying the email address 20:29 <+bridge> [ddnet] hmm arent most microservices sessionless 20:29 <+bridge> [ddnet] aka they use jwt 20:30 <+bridge> [ddnet] then we and third party servers can query the account server to get the account name associated to a certain key 20:30 <+bridge> [ddnet] where the account name is an arbitrary email address 20:30 <+bridge> [ddnet] one thing is registering, the other keeping the session 20:30 <+bridge> [ddnet] yes, that's why I said that. If I was doing microservices and I was certain I wouldn't revoke tokens that's what I'd go for 20:30 <+bridge> [ddnet] u can revoke tokens 20:30 <+bridge> [ddnet] blacklist them 20:30 <+bridge> [ddnet] until they expire 20:31 <+bridge> [ddnet] you can't without communicating with the backend 20:31 <+bridge> [ddnet] u can forget about ur token 20:31 <+bridge> [ddnet] ez logout 20:31 <+bridge> [ddnet] or what do u mean 20:32 <+bridge> [ddnet] i dont think u rly need to revoke a token for logging out 20:32 <+bridge> [ddnet] its just more secure i guess 20:33 <+bridge> [ddnet] > Access tokens carry the necessary information to access a resource directly. In other words, when a client passes an access token to a server managing a resource, that server can use the information contained in the token to decide whether the client is authorized or not. Access tokens usually have an expiration date and are short-lived. 20:34 <+bridge> [ddnet] > Refresh tokens carry the information necessary to get a new access token. In other words, whenever an access token is required to access a specific resource, a client may use a refresh token to get a new access token issued by the authentication server. Common use cases include getting new access tokens after old ones have expired, or getting access to a new resource for the first time. Refresh tokens can also expire but are rather long-l 20:34 <+bridge> [ddnet] @Learath2 probably still too little specification? ^^ 20:34 <+bridge> [ddnet] https://cdn.discordapp.com/attachments/293493549758939136/820016887877599282/diag1.png 20:34 <+bridge> [ddnet] https://cdn.discordapp.com/attachments/293493549758939136/820016912523198475/diag2.png 20:34 <+bridge> [ddnet] xd 20:34 <+bridge> [ddnet] e.g. revoking someones rcon access 20:35 <+bridge> [ddnet] @Learath2 this is why u use refresh token thingy 20:35 <+bridge> [ddnet] the short lived token has the rcon info 20:35 <+bridge> [ddnet] if u have to blacklist it it wont be for long 20:36 <+bridge> [ddnet] refresh tokens aren't this short lived usually 20:36 <+bridge> [ddnet] refresh tokens live long 20:36 <+bridge> [ddnet] access token live short 20:36 <+bridge> [ddnet] access token has info about ur access rights 20:36 <+bridge> [ddnet] since u get it from the auth server 20:36 <+bridge> [ddnet] in my experience access tokens live for 15 mins to some hours 20:37 <+bridge> [ddnet] btw 20:37 <+bridge> [ddnet] ur oauth2 thingy uses this strategy 20:37 <+bridge> [ddnet] https://tools.ietf.org/html/rfc6749#section-1.4 20:37 <+bridge> [ddnet] yes but it's not stateless 20:37 <+bridge> [ddnet] I'm ingame I'll elaborate later 20:38 <+bridge> [ddnet] please also tell me whether you want a longer idea for accounts from me later πŸ˜‰ 20:38 <+bridge> [ddnet] well ping me later then 20:38 <+bridge> [ddnet] gonna play some elite dangerous then 20:38 <+bridge> [ddnet] :greenthing: 20:42 <+bridge> [ddnet] ya how will accounts work 20:43 <+bridge> [ddnet] are they finally being implemented 20:45 <+bridge> [ddnet] I think they are saying all this shit and it will end like always 20:46 <+bridge> [ddnet] Im just seeing the drama when someone gets their name stolen or whatever 20:47 <+bridge> [ddnet] not many people dont have forum or discord 20:47 <+bridge> [ddnet] probably all chinese players 20:48 <+bridge> [ddnet] I mean i jusy wanna see how you verify someone with 2k points 20:48 <+bridge> [ddnet] but its not gonna be needed to finish maps right? its just to verify a player on servers 20:48 <+bridge> [ddnet] Yes, I want to get into it, the details are the hard part with a asymmetric crypto solution 20:49 <+bridge> [ddnet] but I'm doing a centralized one on top of the crypto one 20:49 <+bridge> [ddnet] except that you don't have a password 20:50 <+bridge> [ddnet] your account is your recovery info, basically 20:50 <+bridge> [ddnet] With stateless JWT tokens you can't take immediate actions, if you want immediate actions there is always the cost of contacting the backend, so if we are contacting the backend anyway, might aswell get the entire user from there 20:51 <+bridge> [ddnet] @heinrich5991 so a classic account system with usernames and passwords that is used to store a private key? 20:51 <+bridge> [ddnet] no, without a password 20:51 <+bridge> [ddnet] uh what? 20:51 <+bridge> [ddnet] how do you recover anything then? 20:52 <+bridge> [ddnet] okay, you're not a mind reader πŸ˜„ 20:52 <+bridge> [ddnet] let me elaborate πŸ˜„ 20:53 <+bridge> [ddnet] Do your best guys and maybe add roles to the account system like admin/mod/tester/mapper/maybe roles based on points 20:54 <+bridge> [ddnet] Or evern years since first finish 20:55 <+bridge> [ddnet] all clients generate a key. if a user wants to register an account, they type /login while they're on a server with their key. after verifying the email address, they have their account with one associated key. if they're on another client, they can type /login to also associate this key to the account. the central server then provides a public mapping from public key to account. we can associate data to 20:56 <+bridge> [ddnet] e.g. the game servers can then also associate accounts to rcon level, doing away with the need for passwords there, too 20:57 <+bridge> [ddnet] @Learath2 does this become clearer? 20:57 <+bridge> [ddnet] does this mean that nobody except me can name themselfes Im 'corneum? 20:58 <+bridge> [ddnet] Even with that wont someone be able to for example just Rename as Aoe and do /login gmail@gmail.com to steal all his points? before he registers 20:58 <+bridge> [ddnet] no because aoe has a forum and discord account which we already know he has 20:58 <+bridge> [ddnet] no because aoe has a forum and discord account which we already know he is 20:59 <+bridge> [ddnet] But u could do it, he would have to reach out for support right? 20:59 <+bridge> [ddnet] sure 21:00 <+bridge> [ddnet] @bubliman I'm not talking about associating old points/ranks to the accounts yet 21:00 <+bridge> [ddnet] this is only about an account system for future ranks right now 21:03 <+bridge> [ddnet] @heinrich5991 how about recovery for private keys? do we just let people associate new keys? 21:03 <+bridge> [ddnet] One step at a time, good aproach ! πŸ™‚ 21:04 <+bridge> [ddnet] no recovery for keys. keys stay on the client, if you move to a new computer or reinstall your computer you get a new key and need to "log in" again 21:04 <+bridge> [ddnet] Im 'corneumheute um 20:57 Uhr 21:04 <+bridge> [ddnet] does this mean that nobody except me can name themselfes Im 'corneum? 21:05 <+bridge> [ddnet] no 21:05 <+bridge> [ddnet] this has nothing to do with in game names right now 21:05 <+bridge> [ddnet] what does it actually do? i dont really get it 21:05 <+bridge> [ddnet] like whats the goal 21:05 <+bridge> [ddnet] it doesn't do much user-visible things, it lays the ground work 21:06 <+bridge> [ddnet] it provides some authentication that can be built upon for other features 21:06 <+bridge> [ddnet] Yeah, now i get it, so every account can have multiple verified client keys tied to it 21:06 <+bridge> [ddnet] yes @bubliman 21:07 <+bridge> [ddnet] the only thing that would be useful is to know for sure someone is legit. so you can play like normal but when you wanna have a talk ingame you login so both know they are verified. 21:07 <+bridge> [ddnet] yes, that's actually a thing that would be possible with this account system 21:07 <+bridge> [ddnet] but i guess you want to attach the ranks later so nobody can fake finish anymore? 21:07 <+bridge> [ddnet] why new key, how would it work 21:08 <+bridge> [ddnet] on first startup, the client generates a key. it uses that to authenticate against the server (unconditionally) 21:08 <+bridge> [ddnet] These are just results of accounts 21:08 <+bridge> [ddnet] it allows many things, we can do clans, we can actually ban people 21:08 <+bridge> [ddnet] if you want to have a permanent "account", you need to /login 21:08 <+bridge> [ddnet] we can enforce spam rules 21:08 <+bridge> [ddnet] @heinrich5991 maybe use the same symbol as on social media 21:08 <+bridge> [ddnet] https://cdn.discordapp.com/attachments/293493549758939136/820025560922587206/unknown.png 21:08 <+bridge> [ddnet] oh oh... 21:09 <+bridge> [ddnet] can people just make new accs to spam 21:09 <+bridge> [ddnet] ok cancel accounts:justatest: 21:09 <+bridge> [ddnet] yes, but you could maybe limit new accounts if there's active spamming going on 21:09 <+bridge> [ddnet] anyway, all this is just results of accounts 21:09 <+bridge> [ddnet] not implementation 21:09 <+bridge> [ddnet] that would be bad 21:09 <+bridge> [ddnet] yes 21:10 <+bridge> [ddnet] @Learath2 does that make my idea clearer? 21:10 <+bridge> [ddnet] yes, it actually sounds very reasonable to a reasonably drunk me 21:10 <+bridge> [ddnet] ❀️ 21:10 <+bridge> [ddnet] any ideas about p2p verification or other servers wanting to use our db of accounts? 21:10 <+bridge> [ddnet] also. how would this be for new players that just want to check the game out? wouldnt they just think: im not gonna create a account for this game so why bother finishing any maps? 21:11 <+bridge> [ddnet] @Im 'corneum you can play without creating an account, nothing will change about that 21:11 <+bridge> [ddnet] they can query our server with the public key, and we'll send back an account identifier @Learath2 21:11 <+bridge> [ddnet] but they could do their own account system as well, on top of the keys 21:11 <+bridge> [ddnet] if they want 21:11 <+bridge> [ddnet] "accounts" are technically keys, they are auto generated in this scheme 21:11 <+bridge> [ddnet] e.g. if KoG wants to do that 21:12 <+bridge> [ddnet] i dont care much about the spam and ban thing but please keep the fake finishes. or switching tees with namechange 21:13 <+bridge> [ddnet] f3 21:13 <+bridge> [ddnet] what about old clients 21:13 <+bridge> [ddnet] they won't have accounts 21:14 <+bridge> [ddnet] @noby 21:14 <+bridge> [ddnet] switching tees is getting a new fix with /swap 21:15 <+bridge> [ddnet] fake finishes I never liked, but idk how to let them keep happening 21:15 <+bridge> [ddnet] would that work instantly? 21:15 <+bridge> [ddnet] that would be epic to map with 21:15 <+bridge> [ddnet] not instantly no 21:15 <+bridge> [ddnet] mmh 21:15 <+bridge> [ddnet] that's under discussion, check the github issue https://github.com/ddnet/ddnet/pull/3654 21:16 <+bridge> [ddnet] if its instant maybe u can do something cool with dummy 21:16 <+bridge> [ddnet] maps 21:16 <+bridge> [ddnet] if you want a game mechanic like that create an issue about that too 21:16 <+bridge> [ddnet] nvm then. but dont make it one minute like save 21:16 <+bridge> [ddnet] the mail system looks reasonable to me too 21:17 <+bridge> [ddnet] uh there is a discussion there, if you want to have input on it please post 21:17 <+bridge> [ddnet] it'll likely have a one minute penalty in any case as we all seem to agree on that 21:17 <+bridge> [ddnet] we can also make legacy points show in ur account as a reward for showing u were there before, if we cant find a way to get old points into new accounts 21:17 <+bridge> [ddnet] so u can brag 21:17 <+bridge> [ddnet] everyone loves to brag 21:17 <+bridge> [ddnet] can we discuss the account system instead of what we're doing next? 21:17 <+bridge> [ddnet] we are all arguing about the 1 minute crippling right now I think 21:18 <+bridge> [ddnet] @Ryozuki Veteran, sound better... πŸ™‚ 21:18 <+bridge> [ddnet] this is just going to go in circles if we talk about what we want to do with accounts 21:18 <+bridge> [ddnet] I couldn't poke a hole in your scheme, the only thing it's missing imo is p2p verification 21:18 <+bridge> [ddnet] suddenly there is more ppl in this chat 21:18 <+bridge> [ddnet] curious 21:18 <+bridge> [ddnet] :monkalaugh: the stalkers 21:18 <+bridge> [ddnet] It was one of my initial desirables that I ditched on my implementation because I didn't want to bother 21:18 <+bridge> [ddnet] fair, didn't realize @Learath2 21:19 <+bridge> [ddnet] wait 21:19 <+bridge> [ddnet] im confuse 21:19 <+bridge> [ddnet] why cant u just implement /register with email and pass, why do u need this clientside key confirmation thingy 21:19 <+bridge> [ddnet] because the password can be phished, is weak, etc. 21:20 <+bridge> [ddnet] the email authentication with key is better 21:20 <+bridge> [ddnet] we'd like to be able to log in automatically, e.g. 21:20 <+bridge> [ddnet] a stored key* 21:20 <+bridge> [ddnet] you dont need a password 21:20 <+bridge> [ddnet] So with the account system, I assume those using Steam would use their steam ID as their account or would you keep it completely separate? 21:20 <+bridge> [ddnet] u just need to verify u own x email 21:20 <+bridge> [ddnet] it allows us to do some very nice things 21:20 <+bridge> [ddnet] like p2p verification, encrypted chat, other servers easily using our accounts 21:20 <+bridge> [ddnet] @SPYRES currently steam isn't integrated at all into that idea 21:20 <+bridge> [ddnet] @SPYRES a bit far from that 21:21 <+bridge> [ddnet] @heinrich5991 it should have a max of 2 tries per day or week 21:21 <+bridge> [ddnet] @heinrich5991 trolls can spam mails with known emails of others 21:21 <+bridge> [ddnet] can u do the email/pass thign along with the client id 21:22 <+bridge> [ddnet] this would defeat the point. people would accidentally lose their passwords to other people and we have to play support 21:22 <+bridge> [ddnet] we can associate steam and discord with email too, that shouldn't be a problem 21:22 <+bridge> [ddnet] how can u link an account from a second computer 21:22 <+bridge> [ddnet] /login 21:22 <+bridge> [ddnet] u do /login 21:22 <+bridge> [ddnet] and go to ur email 21:22 <+bridge> [ddnet] we have todo smth about this, its really annoying 21:22 <+bridge> [ddnet] https://cdn.discordapp.com/attachments/293493549758939136/820029017452183643/unknown.png 21:22 <+bridge> [ddnet] oh and verify thru email 21:22 <+bridge> [ddnet] and click the link 21:22 <+bridge> [ddnet] u verify through email every pc u have 21:22 <+bridge> [ddnet] ah 21:22 <+bridge> [ddnet] just keep fake finish 21:22 <+bridge> [ddnet] and /login email pass will be phished easily cuz how tw servers work 21:22 <+bridge> [ddnet] and ppl will make binds and use them on nonddrnet 21:23 <+bridge> [ddnet] @Kenzoo why? 21:23 <+bridge> [ddnet] yes @louis 21:23 <+bridge> [ddnet] ok makes sense 21:23 <+bridge> [ddnet] @Jupstar βœͺ make a huge formatting commit 21:23 <+bridge> [ddnet] yes, but it will break some huge lines 21:24 <+bridge> [ddnet] bcs between clang 10 and 11 there is some difference 21:24 <+bridge> [ddnet] example? 21:24 <+bridge> [ddnet] ah 21:24 <+bridge> [ddnet] can you maybe just commit the comments? 21:24 <+bridge> [ddnet] alternatively, install clang-format10 21:24 <+bridge> [ddnet] dunno exact example but it was the ones with tinary operators 21:24 <+bridge> [ddnet] what OS are you on? 21:25 <+bridge> [ddnet] linux debian, it has clang 10, but have to switch it always when using different projects, bcs the ide has no per workspace setting for this appearently 21:25 <+bridge> [ddnet] does it call the external clang-format? 21:25 <+bridge> [ddnet] yes 21:26 <+bridge> [ddnet] you could write a little shell script that decides which to use depending whether you're formatting ddnet files or not 21:26 <+bridge> [ddnet] ah, interesting idea 21:30 <+bridge> [ddnet] its good and ddnet was always like that 21:32 <+bridge> [ddnet] @Kenzoo not a valid reason imo 21:35 <+bridge> [ddnet] there are others good reasons but important thing is why u dont want to keep it 21:35 <+bridge> [ddnet] would take the benefits of having an account over not being able fake finish 21:36 <+bridge> [ddnet] fake finishes should still be allowed 21:37 <+bridge> [ddnet] i mean its kinda tradition that if u murder someone during a play, u finish for them 21:38 <+bridge> [ddnet] @louis sure the only way i guess is to auth their client, which would be a pain in the ass and if u want to keep them so much then the whole acc system would crumble 21:38 <+bridge> [ddnet] m or someone before was talking about /swap which could work 21:38 <+bridge> [ddnet] (note that this is unrelated to the account system as we discuss it. we're just doing client authentication right now) 21:39 <+bridge> [ddnet] maybe if names are ever tied to accounts, the owner of account+name can choose to allow others to use that name or not 21:41 <+bridge> [ddnet] not worth 21:41 <+bridge> [ddnet] @heinrich5991 what do you think about the name claiming? 21:41 <+bridge> [ddnet] you mean reserving a name? 21:41 <+bridge> [ddnet] your proposal gets us some form of accounts, what do we do about naming? 21:42 <+bridge> [ddnet] I wouldn't go further than what steam etc. do 21:42 <+bridge> [ddnet] Do we do sth like steam where you can have any display name you want? 21:42 <+bridge> [ddnet] Learath2#5921 21:42 <+bridge> [ddnet] That's more discord then steam 21:43 <+bridge> [ddnet] ah, or battle.net 21:43 <+bridge> [ddnet] ah battle net does it too 21:43 <+bridge> [ddnet] yes, idk. but the thing is, I'd rather get the account system and do the bikeshedding about that later πŸ˜› 21:43 <+bridge> [ddnet] the bikeshedding of things that don't need to be fixed in order to implement accounts 21:44 <+bridge> [ddnet] fixed as in determined 21:45 <+bridge> [ddnet] hm since you only used emails I guess you don't need to actually fix naming before accounts 21:45 <+bridge> [ddnet] staff + "well-known" should have unique name maybe? 21:45 <+bridge> [ddnet] so ppl cant fake 21:46 <+bridge> [ddnet] would joe#0001 and joe#0002 share points 21:47 <+bridge> [ddnet] @louis with that leaderboards could be a big mess 21:48 <+bridge> [ddnet] maybe once u get 5k points u can unique-ify ur name 21:49 <+bridge> [ddnet] or something similar 21:52 <+bridge> [ddnet] meh 21:52 <+bridge> [ddnet] that just causes more problems 22:00 <+bridge> [ddnet] Pop away for a moment and I am welcomed to 300 messages on accounts πŸ˜„ 22:00 <+bridge> [ddnet] πŸ™‚ 22:01 <+bridge> [ddnet] @heinrich5991 I like the approach. It is a simple authentication process. It is similar to how Slack handles authentication - unless I am mistaken. 22:03 <+bridge> [ddnet] I don't think it precludes typical account functions like name storage. You going to have to store the access token associated to the email address, could also create other fields e.g. name etc. The benefit is that we don't store passwords and need to handle the handshake of them 22:04 <+bridge> [ddnet] /login 22:04 <+bridge> [ddnet] why do you include a name in there? 22:04 <+bridge> [ddnet] Well where else would you take in those extra fields? 22:05 <+bridge> [ddnet] Could include a /register 22:05 <+bridge> [ddnet] yea, or give a way to set names later 22:05 <+bridge> [ddnet] True but then you create a state problem of inconsistent data 22:05 <+bridge> [ddnet] @heinrich5991 with a name included u get rid of a ton of issues, and whats the point of the accounts without the names? 22:06 <+bridge> [ddnet] user identification 22:06 <+bridge> [ddnet] I think it is fine to extend it slightly to include other usual fields 22:06 <+bridge> [ddnet] it just means it is broken into two 22:07 <+bridge> [ddnet] I don't think we need much on sign up tbh, most of the stuff can be optional, including the name. we already have the current in game name if we want to display something 22:07 <+bridge> [ddnet] /register 22:07 <+bridge> [ddnet] /login 22:08 <+bridge> [ddnet] you forgot card number 22:08 <+bridge> [ddnet] That is in-game though. We lose out the usefulness beyond that e.g. the website 22:09 <+bridge> [ddnet] you can capture the ingame name πŸ™‚ 22:09 <+bridge> [ddnet] True 22:09 <+bridge> [ddnet] I really like the "almost no friction" of /login πŸ™‚ 22:10 <+bridge> [ddnet] Fair enough. I think we pretty much agreed on the approach - just the smaller details at this point. 22:10 <+bridge> [ddnet] @heinrich5991 sure the name can be added later or through email 22:10 <+bridge> [ddnet] yes, true, these are details 22:10 <+bridge> [ddnet] wont the client hide the commands anyway 22:10 <+bridge> [ddnet] like a loginscreen client side 22:11 <+bridge> [ddnet] Alright team, so account system come Monday? 22:11 <+bridge> [ddnet] πŸ˜„ first monday of 2022 22:11 <+bridge> [ddnet] when teeworlds gets 30 22:19 <+bridge> [ddnet] Namechange could be instant and automatic, instead of a year cooldown 22:19 <+bridge> [ddnet] also it could sent and email where you could confirm this namechange 22:19 <+bridge> [ddnet] 22:19 <+bridge> [ddnet] `/account name Aoe` This name is already taken try another one 22:19 <+bridge> [ddnet] `/account name Korgi` Namechange succesful 22:19 <+bridge> [ddnet] 22:19 <+bridge> [ddnet] What about this? 22:20 <+bridge> [ddnet] let's try to actually do the account system before trying to figure out stuff like that @bubliman πŸ˜‰ 22:20 <+bridge> [ddnet] I'll try get the skeleton plan for it down later this weekend based on the above conversation. 22:20 <+bridge> [ddnet] Names don't need to be unique under an account system. One of the benefits. 22:20 <+bridge> [ddnet] this will lead to endless bikeshedding otherwise @bubliman 22:20 <+bridge> [ddnet] Annoying seeing my very "unique" name having maps finished that I haven't done. 22:21 <+bridge> [ddnet] as i said πŸ™‚ 22:23 <+bridge> [ddnet] automatic namechange isnt good, will be so confusing when some people change their name 3 times a day 22:23 <+bridge> [ddnet] Why? i mean it is possible on most modern games 22:23 <+bridge> [ddnet] could have a command for name history 22:24 <+bridge> [ddnet] this is what I mean with bikeshedding 22:24 <+bridge> [ddnet] can you move to another channel fr this? ^^ 22:25 <+bridge> [ddnet] basically do ur thing, im now 🀐 22:27 <+bridge> [ddnet] on second thought account management shouldnt be in chat, now im truly 🀐 22:39 <+bridge> [ddnet] I mean if we have an account system names dont matter do they 22:45 <+bridge> [ddnet] technically not 22:45 <+bridge> [ddnet] pride is the reason we don't have an account system to begin with 23:02 <+bridge> [ddnet] @heinrich5991 the key u store in ur pc is like a public key or how does it work 23:03 <+bridge> [ddnet] is it just some token 23:09 <+bridge> [ddnet] like a private key