Skip to main content

Authentication Overview

Authentication in the Moitribe SDK allows you to identify and manage players across sessions. The SDK supports multiple authentication methods to fit different game types and player preferences.

Authentication Methods

The Moitribe SDK provides three primary authentication methods:

1. OTP Authentication (Email/Phone)

One-Time Password authentication via email or phone number. This is the most common authentication method for web and mobile games.

Flow:

  1. Generate OTP for player's email or phone
  2. Player receives OTP via email/SMS
  3. Player enters OTP to login or create account

Best for: Web games, mobile games, casual games

2. Social Login

Authenticate players using existing social media accounts (Google, Facebook).

Flow:

  1. Player authorizes your game through social platform
  2. SDK receives player information
  3. Player is logged in automatically

Best for: Social games, games targeting specific platforms

3. Guest Login

Allow players to start playing immediately without authentication. Player data is stored locally but not synced across devices.

Flow:

  1. Skip authentication entirely
  2. Start gameplay immediately
  3. Optionally upgrade to authenticated account later

Best for: Hyper-casual games, demos, quick-play experiences

Authentication Flow

Here's how authentication works in a typical game:

// 1. Initialize SDK
MoitribeSDK('my-game-id', 'init', {
  loginCallback: (result) => {
    if (result.success) {
      // Player is already authenticated
      startGame(result.playerdata);
    } else {
      // Player needs to authenticate
      showAuthenticationOptions();
    }
  }
});

// 2. Player chooses authentication method
function showAuthenticationOptions() {
  // Show UI with options:
  // - Login with Email/Phone
  // - Login with Google
  // - Login with Facebook
  // - Play as Guest
}

// 3. Authenticate using chosen method
// (See specific authentication guides)

// 4. After successful authentication, start game
function startGame(playerData) {
  console.log('Welcome,', playerData.name);
  // Game logic here
}

Checking Authentication Status

At any time, you can check if a player is authenticated:

JavaScript Example

MoitribeSDK('my-game-id', 'isAuthenticated', {}, (result) => {
  if (result.success) {
    console.log('Player is authenticated');
  } else {
    console.log('Player is not authenticated');
  }
});

TypeScript Example

import MoitribeSDK from '@veniso/moitribe-js';

MoitribeSDK('my-game-id', 'isAuthenticated', {}, (result: { success: boolean }) => {
  if (result.success) {
    console.log('Player is authenticated');
  } else {
    console.log('Player is not authenticated');
  }
});

Session Management

Once authenticated, the SDK automatically manages the player's session:

  • Session Persistence: Player credentials are stored locally
  • Auto-Login: On subsequent visits, players are automatically authenticated
  • Session Expiry: Sessions remain valid until explicitly logged out
info

The SDK stores authentication tokens in local storage (browser) or file system (Node.js). Players remain authenticated across browser sessions unless they clear storage or explicitly log out.

Login Callback

The loginCallback provided during SDK initialization is called whenever authentication status changes:

interface LoginCallbackResult {
  success: boolean;
  playerdata?: SignedInProfile;
}

When it's called:

  • After initial SDK initialization
  • After successful login (OTP or Social)
  • After successful account creation
tip

Always implement the loginCallback to handle authentication state changes. This ensures your game responds correctly when players log in or out.

Authentication vs Guest Play

FeatureAuthenticatedGuest
Profile sync across devices✅ Yes❌ No
Persistent leaderboard scores✅ Yes⚠️ Limited
Social features✅ Yes❌ No
Tournament participation✅ Yes❌ No
Real-time multiplayer✅ Yes✅ Yes
Quick start⚠️ Requires login✅ Immediate

Common Authentication Patterns

Pattern 1: Required Authentication

Force players to authenticate before playing:

MoitribeSDK('my-game-id', 'init', {
  loginCallback: (result) => {
    if (result.success) {
      startGame(result.playerdata);
    } else {
      showLoginScreen(); // Block game until authenticated
    }
  }
});

Pattern 2: Optional Authentication

Allow guest play but encourage authentication:

MoitribeSDK('my-game-id', 'init', {
  loginCallback: (result) => {
    if (result.success) {
      startGame(result.playerdata);
    } else {
      showGuestPlayOption(); // Offer guest play or authentication
    }
  }
});

Pattern 3: Silent Authentication

Start as guest, authenticate in background:

MoitribeSDK('my-game-id', 'init', {
  loginCallback: (result) => {
    // Always start game, regardless of auth status
    startGame(result.playerdata || null);
    
    if (!result.success) {
      // Show optional login prompt during gameplay
      showOptionalLoginPrompt();
    }
  }
});

Error Handling

Authentication operations may fail for various reasons. Always handle errors gracefully:

MoitribeSDK('my-game-id', 'loginWithOtp', {
  emailid: 'player@example.com',
  otp: '123456',
  callback: (result) => {
    if (result.success) {
      console.log('Login successful');
    } else {
      // Handle specific errors
      if (result.statuscode === 102) {
        showError('Invalid OTP. Please try again.');
      } else if (result.statuscode === 104) {
        showError('OTP expired. Please request a new one.');
      } else {
        showError(result.msg || 'Login failed. Please try again.');
      }
    }
  }
});
warning

Always validate player input (email, phone, OTP) before sending to the SDK to provide immediate feedback and reduce unnecessary API calls.

Security Best Practices

1. Never Store Passwords

The SDK handles all authentication tokens securely. Never store or transmit player passwords in your game code.

2. Validate Input

Validate email addresses and phone numbers client-side before generating OTPs:

function isValidEmail(email) {
  return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email);
}

function isValidPhone(phone) {
  return /^\+?[1-9]\d{9,14}$/.test(phone);
}

3. Rate Limiting

Implement rate limiting for OTP generation to prevent abuse:

let lastOtpRequest = 0;
const OTP_COOLDOWN = 60000; // 60 seconds

function requestOtp(emailid) {
  const now = Date.now();
  if (now - lastOtpRequest < OTP_COOLDOWN) {
    const remaining = Math.ceil((OTP_COOLDOWN - (now - lastOtpRequest)) / 1000);
    showError(`Please wait ${remaining} seconds before requesting another OTP`);
    return;
  }
  
  lastOtpRequest = now;
  MoitribeSDK('my-game-id', 'genOtp', { emailid }, callback);
}

4. HTTPS Only

Always use HTTPS for games that handle authentication to protect player data in transit.

Next Steps

Learn about specific authentication methods:

For more information, see: