Sign In Register

How can we help you today?

Start a new topic
Answered

Resetting a users password

Forgive me if this is a silly question but I've not found the answer through searching.


How would I go about resetting a users password when they have forgotten it?


I tried a ChangeUserDetails request but it looks like it only works for the currently logged in user? ("Username:Taken" message).


Thanks


Best Answer

Yep so if you create a custom event that has an attribute that takes a userId and one for the password:



Then in cloud code add this to the event:


 

var userId = Spark.getData().userId;
var newPassword = Spark.getData().newPassword;

Spark.loadPlayer(userId).setPassword(newPassword);

 

then to change the password, find the userId of the player and call the following event:

 

{
 "@class": ".LogEventRequest",
 "eventKey": "changePassword",
 "userId": "userId",
 "newPassword": "newPassword"
}


Shane



Hi Lee,


So the way to do this is a little complex, first you'll need to be able to send a request to GameSparks without logging in, we can do this with DeviceAuthenticationRequest, but as this logs in as a user, you'll have to make sure that unless they log in the regular was (AuthenticationRequest) they cant access any part of your game that sends requests. This could cause them to lose data or not have data stored against their normal account.


Secondly you'd need to set up an event that when the user clicks "forgot password" sends them an email. We support sending emails through SendGrid Cloud Code calls which requires a www.sendgrid.com account. We cant send the user a http request link to change their password as this would require embedding the game secret in the link, this is bad because it would allow any user firing any request they see fit. So in this case the event that sends the email should send a code to the user instead of a clickable link. 


We'd need another event that the player can send their emailed code which would run some logic to check the sent code is the same as the received one and if so, change the password using setPassword.


Shane

Yes that seems complicated. Is there a way of doing through the portal, just by request for now?


For now it's just my client who's testing the game has forgotten his password.


1 person likes this
Answer

Yep so if you create a custom event that has an attribute that takes a userId and one for the password:



Then in cloud code add this to the event:


 

var userId = Spark.getData().userId;
var newPassword = Spark.getData().newPassword;

Spark.loadPlayer(userId).setPassword(newPassword);

 

then to change the password, find the userId of the player and call the following event:

 

{
 "@class": ".LogEventRequest",
 "eventKey": "changePassword",
 "userId": "userId",
 "newPassword": "newPassword"
}


Shane


Has any of this changed? Because, if I'm honest, this is really complicated. 


1 person likes this

Hi Lukasz, 


It's the same, if you are having issues feel free to ask us or log a ticket.
We'd be more than happy to talk you through it.


Cheers,


Oisin

Bump - playfab has a call like player.sendPasswordResetEmail -- I'm really envying their command ;) any chance to make an easymode-version? I'd have to even make my own logic to send and confirm an email with this current system.


2 people like this

BTW, I finally resigned from using login & password authorization in my project - it's complicated and without build-in way of resetting passwords it would quickly become a nightmare to maintain (we're currently using a system like that in our game and I constantly receive email with password reset requests). What I'm using (or planing to use, because this is not implemented and tested yet) is Steam/GameCenter/GooglePlay/Facebook authorization - it's easier for the user to use and there's no additional maintenance cost (and there's added value as well - users' friend lists is automatically populated with their contacts).

I thought about that too until I had a sign up promo and realized that many people even completely BLOCK social login sites altogether. I call them privacy freaks. There are many of them... And I can't lose them. I hate to compare to a direct competitor but if playfab has something so easy to use surely gamesparks can have one too since they've been around longer?
I must agree with Dykan. Please make a automatic "Forgitten Password" feature. If you have 100k users it would be almost unbearable to answer all requsts for new passwords :-/

1 person likes this

Any updates on "forget password" issue?

Hey I was also wondering are there any plans for the tech team to implement the forgotten password feature? 


I guess the biggest infrastructural change is to implement some kind of Rest API that can be called and requests handled inside cloud code. This way I could write cloud code to confirm users correct email (user clicks on email confirmation link), and that request would come over HTTP and be handled with cloud code. 

3 months later from last response...still an issue? :D

 


1 person likes this
Yep still an issue. This is why we moved to PlayFab. One call and they get an encrypted password reset email. Saved an incredible amount of time and I didn't have to handle my own cryptology. Not sure why GS doesn't prioritize this over their UI polish.
So, we dont have an out-of-the-box solution to this, but there are options you can use to overcome this problem which we have implemented for our customers.

One option is to have a deviceAuthentication when your player forgets their password. This will allow you to call requests to GameSparks without authentication.
You can setup limits in your cloud-code as to what requests can be used by a device-auth player and then simply call a custom logevent request.

Another way is to setup a custom credential which you can hit with a callback from your client.
This way is less secure, but you can also have your client send an email with a link to this url.
Both ways will require you to save the playerId on the client so you can load it in cloud-code.

Either way, i have created a task for this so it will be scheduled for development and not forgotten again.

Thanks for your patience.
Sean

 


2 people like this
Login to post a comment