# BigscreenAccountId

`BigscreenAccountId` is the canonical user id that we use for to represent unique users in this system.  There's only really one scenario under which this id should be created:

The app should run through a "preamble" which sets up the `BigscreenAccountId`, by performing a lookup against the token from the currently logged in service (`ThirdPartyToken`).  If there's no matching `BigscreenAccountId` for the `ThirdPartyToken`, we create one.  Otherwise, we retrieve the existing `BigscreenAccountId` and send back a token (`SessionToken`) that can be used to access other functions during the session.  This is the extent of the login system.

This approach "outsources" the individual account management to Steam, Oculus Home, Google Play, and so forth, although we own the user, their relationship to Bigscreen, their relationships with other Bigscreen users, and so forth.

## Implementation details

`BigscreenAccountId` can be in uuid v4 format.
`ThirdPartyToken` is in the format used by the service that provides it (so we should probably just store it as an object).
`SessionToken` can be a JWT.

## Data invariants

A `BigscreenAccountId` can be attached to multiple unique `ThirdPartyTokens`; conversely, a unique `ThirdPartyToken` can only be attached to one `BigscreenAccountId`.

Only one `SessionToken` is attached to one `BigscreenAccountId`.


# Real time status of the user

The `BigscreenAccountId` should be sent to all calls that need it, on the signalling server.

For now, the signalling server doesn't really care about the origin of the `BigscreenAccountId`; an possible future change is for it to call this API to determine if the given `BigscreenAccountId` actually exists.


# Dealing with Account System Outages

TBA.


# Steam API Integration

I want to tie a `BigscreenAccountId` to a steam user token, or user id.  For this to work, the Steam API needs an endpoint that can verify that the player is logged in.

1) when a player launches an app from steam, is it possible to get a private session token from steam about the current player?  If not, what information can the app get about the current player?  Just publicly available stuff?

2) Is the steam public player id enough for this system to work?


# Creating new users:

We can allow people to create a new user from the website.  They can login with this user with the app.  The BigscreenAccountId is the same, but the token we retrieve should be passed back to the user when they login.