I'm aware of all the ways that other websites verify someone's identity, but ALL of them can be tricked into stealing someone's identity.
My proposal through this issue is to make verifying process 100% secure.
I think there was a disconnect here, so let me clarify. I absolutely love your idea and other people have suggested some type of authentication token being built into the system. Most of the discussions have been on what you can do NOW without support from supercell and the pros/cons.
Wheel of Time. Check us out at www.discord.me/wotcoc for more information.
There should be a way to verify player identity my account was hacked I used my other account to get it back and supercell banned me from the game I deleted all games
I think that will useful to have a reliable system to identify a player.
I propose a token system to identify registered user on a website.
Step 1 : user registers to web site : website call the API to get a secret random code (ex : 897821)
Step 2 : user open Clash Of Clans and this code is displayed on the screen.
Step 3 : user come back to the website and enter this code in a field.
Step 4 : web site compare the code sended by user with the code return by API.
Easy to use.
Reliable.
Secure ? I think.
Last edited by SoldatBourrin; November 12th, 2018 at 04:37 PM.
This is exactly why having /buildings/endpoint would be useful. We could just make them change the location of their buildings to a certain location and call it good. Though I doubt /buildings will ever be a thing. Unfortunately.
A tedious but reliable way of doing verification (since I doubt you'd be having 100 people registering at one given time):
1. Normal routine => ask the player for their tag.
2. Check out their village and make them change something out.
3. Once they've changed their base, verify that they have changed it.
OR
IF THEY'RE PART OF A CLAN
It's mandatory to have at least ONE verified leader or co-leader. Afterwards assign each member a token that's unique to them which gets refreshed every 5 minutes.
After a player has requested to be verified a leader or a co-leader can check if they have the right token. If so, then confirm they're who they say they are.
IF NOT PART OF A CLAN
Have a dedicated Clan in which will manually verify a player's identity. They will still be using tokens and a representative from whatever website will be verifying them. At one given time there will ALWAYS be ONE representative online. If there is no one online they can ping someone from the website. However, this is a rare occurrence.
NOTE: All of these are possible ways to do 100% accurate verification system. Although it requires manual labor (which I'm pretty sure is what y'all are trying to avoid), but if you really want security then it's definitely the way to go with the current system as it stands rn.
Though for the future a token that's generated by CoC will most definitely be useful.
Last edited by RepeaterCreeper; November 12th, 2018 at 07:44 PM.
In Clan Royale, under settings panel, there is an option to view/copy user's API token. A same system for clash of clans would be much appreciated for verification purposes.
🅱🆄🆃🆃🅴🆁