this is something which I need for the second time in an app now:
I want to restrict access to some part of the app to users who entered a pin code or some other code or combination.
Is there any pattern how to limit access to specific ressources (mostly Methods and Publications) without passing some credentials with every call to a Method or every Subscription as a parameter?
What I’d like to have is something like a user account, but more temporary, without having the users cluttering up my users collection.
So some kind of persistent, authenticated Session between Server and Client per device / connection, without perusing the Users collection?
Does anybody know this - or a similar kind of beast?
a) a Protected area on the page, where only users with a passcode should be able to peruse the data
b) Somewhat more complicated, but taken from real life: In a game, I want to track all the different players and their positions and data, but I don’t want to create a user for every player - they might not really have accounts, they could be anonymous etc., and I actually want to use the users collection for actual users?
I’m grateful for any answers at all, keep on coding in the free world