godot-docs icon indicating copy to clipboard operation
godot-docs copied to clipboard
verified publisher icon godotengine

Add docs for using builtin auth mechanism

Open baccenfutter opened this issue 10 months ago • 1 comments

Took a huge unnecessary detour, today. it was an upstream battle...

Since there was no mention of it whatsoever, I intuitively concluded that I would have to build my own authentication on top of SceneMultiplayer. The authentication part was easy, but when trying to figure out how to hook into Godot's RPC call-stack to prevent unauthenticated RPC calls, I got stuck and was made aware of SceneMultiplayer.auth_callback by Discord.

Getting the builtin auth mechanism to work with the available docs on SceneMultiplayer was an upstream battle.

But the main issue to me, is the complete lack of mentioning the availability of the builtin auth mechanism, at all.

Wanted to share my results and prevent others from having to take the same detour.

  • Bugsquad edit, closes: https://github.com/godotengine/godot-docs/issues/11006

baccenfutter avatar Feb 26 '25 22:02 baccenfutter

In addition to discoverability of the authentication mechanism being low, there also appears to be misleading information in the relevant documentation.

The SceneMultiplayer authentication docs (specifically the docs for peer_authenticating and complete_auth) seem to imply that any given peer does not receive the peer_connected signal for another peer until it has authenticated with that specific peer (by both of them calling complete_auth on each other's peer IDs), but that is not what is happening from what I can tell.

I can only see the authentication handshake happen between a client peer and the server, and once the authentication with the server has completed, peer_connected signals are emitted for all others peers on a peer, even though complete_auth was never called for those peers.

I'm not terribly familiar with the godot source code, but that also appears to be what is happening. _admit_peer checks if the server is calling the function, and if so, forwards peer IDs to other peers. Clients receive this message, check that they aren't the server, and that the message came from the server, and then add the peers. The comment in the code also indicates that these peer connection messages are just being relayed over the server (if relaying is enabled), and the clients automatically accept the peers, without authenticating first.

Ideally the previously mentioned documentation can also be updated as part of this PR to make the entire mechanism more clear.

SchnozzleCat avatar Jun 07 '25 16:06 SchnozzleCat

Might I suggest not using lambda in your examples? It's a lot cleaner and easier to follow if the method being linked is distinct.

alliephante avatar Aug 13 '25 00:08 alliephante