at the moment i have a special kind of problem.
I am planning to make a twitch game, which connects to my own websocket server for communication.
The other side is a greasemonkey script, which provides a userinface embedded in twitch.
Now i need a way, to authenticate the user, so im sure he is person xy.
From the cookies i get a “session_unique_id” and a “api_token”.
From the localstorage i get a “localstorage_unique_id”.
Anybody has an idea, how i can trustfully authenticate the user?
Just sending my websocket server: “Hey, i am user xy”, would cause a lot of insecurity in my game.