LBPUnion
Distinguishing RPCN and PSN Accounts
If a user has an RPCN account that matches a PSN account or vice versa, there is opportunity for them to login to an instance of Lighthouse as the other user under the right circumstances. Some examples might be,
- Username parking: Using RPCN to join an instance with an account with the intent of taking the place of a PSN account.
- Imposter among us: attempting to trick an existing user into approving an authentication request and then connecting to the server under their account. This allows the imposter to manage their levels on the server and act as them.
Obviously, this is an issue that can result in some genuine mistakes. For example, someone may not even be aware that their RPCN name matches another PSN user who wants to play Lighthouse. So, this issue focuses a bit more on situation #2. However, there are natural protections in place for these users. The user should be looking for an IP address that matches their own to avoid giving an auth token to the wrong client.
Another suggestion that I have is to consider separating out RPCN and PSN accounts with labels so that they can co-exist somehow. I haven't the slightest clue how that would work though in-game. The displayed names would have to be modified by the database somehow. Idk if the game will like that.
Don't you think an indicator on what platform and what country/city the authentication request is coming from would be enough?
If someone tries to register an already taken Lighthouse account, I believe it already says the name has been taken, so that shouldn't really be a problem either.
And regarding username parking, I feel like this is a problem with every social media / whatever, so the PSN user would just have to, in case someone stole the name, make another PSN account.
Don't you think an indicator on what platform and what country/city the authentication request is coming from would be enough?
If someone tries to register an already taken Lighthouse account, I believe it already says the name has been taken, so that shouldn't really be a problem either.
And regarding username parking, I feel like this is a problem with every social media / whatever, so the PSN user would just have to, in case someone stole the name, make another PSN account.
You make great points here! I'm curious how it will display in game if two users have the same name but are on different platforms. Hopefully it can be done and all we'll need are indicators.
does the game work with ids or names, if it's names then it'll be harder but if the game works off numerical ids then we just make sure that names from the other platform to what the user is on is prefixed with [RPCN] or [PSN]
Good question, is there a way we can find out? Or maybe @Slendy might know?
It might be possible but you would have to send the user's original name if the one requesting it is that user. The reasoning for this is that the game knows what its username should be because of PSN/RPCN. Then, when the game requests its profile it's always going to use the nonprefixed name in the request but if the response has the prefixed name the game will refuse to parse the request because the names don't match. So other people might see [PSN]Slendy or [RPCN]Slendy the users themselves see their own name. I also don't know how the game behaves with brackets.
#600 will mostly close this issue with account linking. Users with account disputes will need to contact instance admins to resolve the conflict.