So I have finally been able to let users play on OGS against bots. I’m very excited to have this feature. However one disappointing fact is I had to create an account to do this, which by itself isn’t a bad thing. The issue is how I am forced to login.
I must use the username and password to login, but asking users to trust that I will not abuse their passwords is just too much. I cannot figure out how to log someone in without the password.
Does OGS have revokable keys? some websites let you generate keys associated with your account which you give a name to, which allow whoever you give the key to certain permissions regarding your account (in this case, permissions to send moves would be the big one, maybe there are some others needed). These can be revoked from settings at any time, but until then act as a way to avoid giving your password to 3rd parties while still allowing them some limited access
Having to instruct someone on how to generate a key and input it is a terrible user experience though.
Really? Seems standard. The other option is some sort of integration, but that always feels worse from a user end, because it feels like the integration is being forced upon you instead of explicitly chosen in a manner which can be easily revoked
I feel like I’m going crazy, because I cannot find a single mention of a special key for applications anywhere in the web interface, on both the production and beta UIs.
For what it’s worth, I’d prefer the option to redirect to OGS for login and token generation, both as a user and as a (prospective, unfortunately) developer. That has the benefits of both manually-generated keys (individually revocable) and the convenience of an integration (I can just put in my password or sign in with an integration).
Depending on what you need I can probably help you. You’d have to message me on Discord though because I don’t check forums daily