Basically, I have a launcher where the user can sign in and launch the game. I am using Cognito for user authentication and I store the access, ID, and refresh tokens in a .dat file.
Currently, the way the launcher works is if the user wants me to remember them, then I save the refresh token and reauthenticate them the next time they open the launcher. Otherwise, they have to manually input their username and password to sign in and I also don't store anything in the .dat file.
The idea was that I would pass the tokens to the game client as a command-line argument; however, I realized I want the launcher and each game to be separate app clients. This is because I want the user to be able to log out of the launcher or close it without compromising the tokens being used by the game. I also want the user to be able to play multiple games without compromising each other.
The current best solution I can think of is to encrypt and store the username and password and pass that into the game as a command-line argument for authentication.
This didn’t sound like the best approach to me, however. It seems like a security issue. Of course, the username and password would both be encrypted and only in memory as long as I need to authenticate, but it still seems like a security issue.
The other idea is to share tokens and have the launcher handle everything, but then the launcher always has to be open and the user can only play one game at a time.
Has anyone dealt with something similar before and wouldn’t mind sharing what they did? Also, am I looking at this all wrong?
Thanks in advance!