Today we are having a real life test of our online high scores system because iCombat game version 1.2 got approved by Apple and there has been a flow of users populating the DB with their scores since then.
And suddenly it has stopped working - the online table wouldn’t show and as a result I had to learn a bit more about OAuth system we are using for the authentication purposes.
But want to tell a bit about how it has started. First there was a post here in our blog:
http://www.injoit.com/blog/2009/02/20/an-idea-for-saving-game-scores-online-for-iphone-apps/
where I was thinking aloud on how to make a solution to store the high scores online (for our iPhone games). And then Chris Messina (one of the authors of OAuth) has made his comment ‘Sounds like you’re reinventing OAuth!’. So this is how I opened OAuth for myself and then decided indeed to use it as an authentication for our system.
Later we have decided to make the system open source and now it’s in beta stage, but it’s already installed in 4 iPhone games.
It’s fantastic how OAuth has resolved all our authentication problems and we didn’t have to write it everything from scratch. The only thing I’m afraid of is I’ve just used it as is, picked the standard php+mysql implementation, made a few modifications and that’s it. Still I’m far from understanding of all the aspects of how this thing works.
The example was today when iCombat players started to update it to version 1.2 where our iGetScores system has been implemented and suddenly it just stopped working. The funny thing was that the system still worked for other game so I couldn’t believe the problem was with the server and was looking elsewhere. Then tried to get a request token with my testing web client and got this error:
OAuth Verification Failed: Timestamp is out of sequence. Request rejected. Got 1246034104 last max is 1246119788 allowed skew is 600
Suddenly I realized that users playing the game have different time zones and therefore after I have tested it in Ukraine and my time was 8 p.m., the users from New York had no chance to add their scores until their local time will be the same (in 5 hours or so).
So I didn’t have a choice but to comment those lines in server where it checks the nonce/timestamp pair. Because if we make any alterations to the iPhone client, we would need to re-submit the game and it might take weeks for Apple testers to check and approve the new version. Everything is working now.
The positive thing is we have learned more about OAuth and will be improving the way we use it in our system in the nearest future. And huge thanks to Blaine Cook and Chris Messina for developing such a great open authentication system.
And, by the way, if, you’re a game developer or wish to help us with OAuth implementation, please feel free to visit our Google Code side where the iGetScores project is hosted. We’ve made both iPhone client and web server open source and free to download. Just launched it for beta testing and hope some developers will join us to develop and improve the system:
http://code.google.com/p/igetscores/
one comment so far...
I’m having the same issue. Could it be fixed on the iphone side?
leave a reply