When AuthenticationRequest has an error, the error code is:
UNRECOGNISED : The userName password combination did not match any existing account
Would it be possible to have 2 cases like:
- "userName" unknown
- "wrong password"
I would like to distinguish both cases, as lots of login systems do.
I think for security reasons, you should keep it as it is. If there's a hacker, you don't want them to know which of the 2 is wrong. Letting them know a username exists might be dangerous?
I'm afraid not. You could however check for this yourself in the AuthenticationRequest. When a player authenticates you could query a custom collection for that userName "Spark.getData().userName". If a match is not found you know the userName is not valid and you could set a scriptError to display this in the response. If a match is found you could use the playerId from the matched document along with Spark.loadPlayer to load that player object. You could then validate the password passed in through the request "Spark.getData().password" on the loaded player object with validatePassword. With both of these checks in place you should be able to display the error you require here.
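The two checks described in the reply above, as an added sketch that is not code from the thread or from GameSparks. It records the precise failure reason in the server-side log and only shows it to the client when `revealDetail` is set, so the single UNRECOGNISED code can stay in place for the reason given earlier in the thread. The `playerIndex` collection, its `userName`/`playerId` fields, the `DETAILS` error key and the `fakeSpark` stand-in are assumptions.

```javascript
// Assumed names: "playerIndex" collection with userName/playerId fields, "DETAILS" error key.
function classifyLogin(spark) {
  var data = spark.getData();
  var doc = spark.runtimeCollection("playerIndex").findOne({ userName: data.userName });
  if (!doc) return "USERNAME_UNKNOWN";
  var player = spark.loadPlayer(doc.playerId);
  if (!player || !player.validatePassword(data.password)) return "WRONG_PASSWORD";
  return null; // both checks passed
}

function handleAuth(spark, revealDetail) {
  var reason = classifyLogin(spark);
  if (reason === null) return null;
  // The precise reason always goes to the server-side log (never the password).
  spark.getLog().warn({ event: "login_failed", reason: reason, userName: spark.getData().userName });
  // Unless detail is requested, the client keeps seeing one code for both
  // failures, so responses cannot be used to test which userNames exist.
  var shown = revealDetail ? reason : "UNRECOGNISED";
  spark.setScriptError("DETAILS", shown);
  return shown;
}

// Constructed stand-in for the Spark object so the sketch runs outside Cloud Code.
function fakeSpark(userName, password) {
  var players = { p1: { validatePassword: function (pw) { return pw === "s3cret"; } } };
  var index = [{ userName: "alice", playerId: "p1" }];
  var state = { errors: {}, logs: [] };
  return {
    state: state,
    getData: function () { return { userName: userName, password: password }; },
    runtimeCollection: function () {
      return { findOne: function (q) {
        return index.filter(function (d) { return d.userName === q.userName; })[0] || null;
      } };
    },
    loadPlayer: function (id) { return players[id] || null; },
    setScriptError: function (key, value) { state.errors[key] = value; },
    getLog: function () { return { warn: function (msg) { state.logs.push(msg); } }; }
  };
}
```

In Cloud Code the real `Spark` object would be passed in place of `fakeSpark(...)`.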
Any news about that?
Thanks, we'll pass this request on to the dev team.