How does a user get authenticated on server B if they are already authenticated on server A through OAuth2?

Çağlar Arlı      -    34 Views

Let's say I have server A (a web server). Users initially use an external provider such as Google to get authenticated on that server. An entry is created in my database saying that this user has logged in before and has confirmed their account. They now have access to resources such as a forum available from the web server (so essentially we created a local account for them).

Now, the user wants to get authenticated on server B (a game server). Server B is accessed through a desktop app (game client) through TCP. Also, we have a gate server C that will handle initial requests from desktop clients before being able to connect to server B.

The entry created for that user previously is required to access server B and/or C. Hence, the desktop app should open a browser to authenticate our user on server A.

What is the general flow required to implement such a system? My point of confusion is even if server C knows the user is authenticated (by exchanging access tokens with server A), what information do we pass to the desktop client and server B so when the client disengages from server C, they can be sure server B will not reject their connection attempt (assuming the request is legitimate)?
