Use public-key cryptography to authenticate yourself with the server.
Your pubkey (public key) works like a user ID. It can be represented as a 64-character hex-encoded string. (Do we want to bother with Base58 or something?)
During the joining process, the client sends your pubkey to the server. The server uses challenge-response to verify that the client is in fact in possession of the secret key matching the given pubkey.
The key material used to generate your keypair is stored in the config file at first launch.
The company access list stores a mapping of pubkeys to their respective access levels: owner or member. Members can only join the company, while owners can also manage the access list (retrieve the access list, add/remove pubkeys, change access levels). At company creation, you are given owner level and only you can access the company.
These lists are stored in the savegame, so servers can be restarted without problems. Password-based authorization would be removed.
Do we need to support unprotected companies at all?
Equivalent to the above, probably reusing the same UI, but used for authorizing joining the game server at all. Stored in the server config file.
Server owners can generate a random invite code, choosing validity period/one-time use/how many times the code can be used (TBD). Entering a correct invite code automatically adds you to the server access list as a member. Entering codes could be automated with openttd: protocol links.
At any time, you can add someone currently on the server to your friends list. As keypairs are not permanently tied to names, the last known name will be stored (and updated any time you see this pubkey playing under another name). If a player doesn't have private mode enabled, you will now see on the server list where they are currently playing. This also allows you to easily add them to company/server access lists even when they are offline, without manually entering a 64-character pubkey.
The server shares with clients the pubkeys of all other connected clients.
It also allows querying which pubkeys are currently playing on a server (directly or through a masterserver query, TBD).
This enables features described above, company/server access lists and friends lists.
Obviously, with a unique pubkey, users can be tracked across multiple servers. This might not be desirable for everybody, so privacy mode can be enabled. It modifies the keypair generation routine so that some server-specific characteristic (hostname or something, TBD) is mixed into the key material. That yields a unique keypair for each server.
This means friends can no longer see on which server you are playing (as you have a new identity on every server).
This also means you cannot be tracked over multiple servers.
- Lightweight implementation.
- All information is local; no central entity is required.
- No need for any signup; this is fully transparent.
- If you lose your secret, you lose your identity (no way to recover).
- You cannot "login" as yourself on another device easily (unless you manually copy the config entry with the secret).