User Authentication without needing to supply username/password

Hey all,

We've all played mobile games where when you first install it and load the game, it doesn't ask you to create an account. There is no username/password required. It throws you into the game and let's you play. This is a good experience as no one likes to create an account before even trying a game.

Eventually the user could supply a username/password to their account to allow them to login on other devices and protect them if they every lost/sold their device.

I have set up my game to use JSON Web Tokens (JWT) to authenticate with the server. My original thought was, when they load the game for the very first time I'd create an account for them in the database. This account would have no name, no password, etc.... it would just have a UUID I'd assign them.

I'd send the user back that UUID as well as a JWT token (which they would use for the api requests for that session). The game would save that UUID on their phone. The next time they loaded the game, it would send that UUID to the server to locate their account and then give them a new JWT token.

I feel like I'm doing something wrong here. I am far from an expert in the authentication world. JWT Tokens makes sense to me when you have an actual login screen with a username and password.... but I am not sure how all these other games do this when no login is required.

Any thoughts on this would be greatly appreciated!

 

Everyone hates that, because of the amount of spam that's created by spam bots who harvest every email address that's ever created by anyone.