Forum QuickConnect Facebook Security Problem

Discussion and help relating to PlayerIO's QuickConnect feature, including Facebook Connect and Kongregate Connect.

Facebook Security Problem

Postby radmahdi » April 13th, 2015, 1:53 am


I have a Facebook app. For each user, it connects to FB using Graph API first, then it gets the user's FB ID and use it to connect to game server, as follow:

Code: Select all
function MyGame(){
Facebook.init(<FB APP ID>, loginHandler);

protected function loginHandler(success:Object, fail:Object):void{
  if(success) {
    playerID = success.uid;
    Facebook.api(Facebook.getAuthResponse().uid, getMeHandler);   

protected function getMeHandler(result:Object,fail:Object):void{

  stage,                          //Referance to stage
  gameID,                        //Game id (Get your own at
  "public",                       //Connection id, default is public
  playerID,                        //Us
  "",                                //User auth. Can be left blank if authentication is disabled on connection
  null,                        //Current PartnerPay partner.
  handleConnect,                  //Function executed on successful connect
  handleError                     //Function executed if we recive an error

The problem is that, the users can use cheatEngine, and change the playerID before connecting to the game server, then they are connected as other user.
I tried to understand quickconnect, but since there is no example, I could not make it.

I appreciate if any one could give me an idea, how can I protect the game from memory scanners?

Posts: 16
Joined: July 1st, 2011, 11:27 pm

Re: Facebook Security Problem

Postby Henrik » April 15th, 2015, 4:10 am

Use Authenticate instead of QuickConnect: ... n/facebook ... thenticate

You only need to pass in the Facebook access token, and there's no way for your players to impersonate another Facebook user.
Posts: 1855
Joined: January 4th, 2010, 1:53 pm

Return to QuickConnect