The Authentication API allows Kongregate players to play any game without registering or entering a password. By making a call to the web service from your game server you can securely determine the player's Kongregate user id and username.
Games are not permitted to require users to create an account, submit an email address, connect through Facebook, or in any other way use an authentication system that is not Kongregate's API.
When a user plays your game for the first time, you will typically need to create an account in your user database for them. In most cases you can simply do this silently (as most Facebook games do) - simply create a user in your database with columns for the Kongregate user id and username. The username should be the same as the Kongregate name, if available. On future visits you'll use the Kongregate user id to retrieve the account in your database and log them in.
A player's username can change, while the user ID will be constant - your database should always key off the user ID.
If a player is not logged into Kongregate, you'll want to display a friendly message saying something like "This multiplayer game requires a Kongregate account" with a "Sign in or register" button that brings up our registration dialog by calling:
The one exception to the rule at the top forbidding external log-ins is that you may enable a player with a pre-existing account to connect that account to their Kongregate game.
If you do allow this, since most users will not need to do this you should generally just have a small link that says "Use your existing AwesomeGame.com account". Do not show a username and password field until they click that - otherwise you may confuse users and lower your conversion rate. Once the player has linked their accounts, you should log them in automatically on future visits.
If players need to select a username for the game it is quickest and easiest to default to their Kongregate username (which is up to 16 characters and allows letters, numbers, and _'s). If you are worried about name conflicts or your usernames are more restrictive, a next best option is to auto-fill a name creation field with the player's username. This encourages them to use that name, but if it is taken or invalid it will give your normal validation error message when they try to confirm and allow them to select a new one.
Authentication is done with a unique key for each game to prevent potential malicious game authors from stealing credentials and using them on other games. The key is called the
game_auth_token, and is provided by the client API with the getGameAuthToken function.
var token:String = kongregate.services.getGameAuthToken();
var token = kongregate.services.getGameAuthToken();
You should not assume that the authentication token will remain constant for a user, as it will change any time a user changes their password.