Post Fri Aug 31, 2018 5:58 pm

Coming soon: New Auth system, Crash reporter, installers

As some of you know, our Auth (login.. licensing) system has been basically the same since Lavish Software began in 2004. This system has worked fairly well over the years, but there have been many annoying issues.

I am happy to announce that we are finally replacing the whole thing, with a more reliable and compatible -- and modern -- system. It's already been tested by staff, and I expect to provide an Inner Space development build that supports this system by next weekend.

Before I get into details: In the near future, you will need access to the e-mail address on your Lavish Software account, and you will want this e-mail address to be successfully receiving our e-mails!

The Login Process
The actual process of logging in to Inner Space will be nearly identical to what you're used to, except there's a new "Keep me logged in for" drop-down box in place of the "Keep me logged in" check box. This drop-down box is used to tell our login server how long you would like your login to be good for, currently allowing 1 day, 180 days, or 1 year. When your login token is expired (or revoked for another reason), you will be required to log in again; it is (more or less) up to you when you would like to have to do that again.

When the switch-over occurs, you should expect to have to re-enter your Lavish login credentials!

New Device Authorization
The Inner Space personal use license has always specified that you are allowed to use the software on up to 5 devices at the same physical location (such as your house). Historically, this has always been an implicit system -- you've never needed to manage a list of your devices. The new system will require you to authorize new devices, with a process we expect to be fairly familiar -- to authorize a new device, you have the option of entering an Authenticator code, or by getting a code via e-mail. This process occurs when you first launch Inner Space on a new device.

When the switch-over occurs, you should expect to have to Authorize your existing devices, as they are "new" to the new system!

Steam works much the same way ("Steam Guard"), as do many MMOs.


Wait, did you just say Authenticator code?
Quick note: People like to refer to Authenticators as "2FA", however "2FA" does not specifically refer to Authenticators -- just any second (2) factor (F) used to authenticate (A) your identity (the first usually being your login/password). Second factors are often E-mail, SMS messages, Authenticator codes, etc.

Indeed, the new Auth system includes Mobile Authenticator support. But don't fret -- typically, logging in to our software and web sites will not require an Authenticator code. Rather, if you do add one, it will be used for sensitive operations such as New Device Authorization, or to verify it's you before allowing certain changes to your Lavish Software account.

When the switch-over occurs, you have the option of adding an Authenticator, but no change is required.

New Package Manager (Downloader/Installer/Uninstaller)
The new system includes a new Package Manager, which we call LavishBuild. LavishBuild can download, install, and uninstall Lavish products (starting with Inner Space). When you patch Inner Space, it will use LavishBuild to perform the updates. LavishBuild keeps a cache of compressed files for recently installed versions, so if you run into problems after an Inner Space update, you will be able to easily revert to your previously installed version.

Along with that, Add/Remove Programs (now "Apps & Features" in Windows 10) will properly list installed products, including the ability to modify/repair (e.g. revert to a previous build, refresh current build, etc) or uninstall.

Our installer packages for ISBoxer, Inner Space, etc will get updated to use LavishBuild at some point.

When the switch-over occurs, our new Package Manager will be used for Inner Space updates, and Inner Space will show up in Add/Remove Programs ("Apps & Features").

New Crash Reporter
LavishCrashMobile, the Lavish Crash Reporter, is getting updated to use the new Auth system. Where the original version often failed to send the crash report, the new version just works. Otherwise, the crash reporter will look about the same. Nothing short of amazing, right?

When the switch-over occurs, the Lavish Crash Reporter should work every time. (Now there's a selling point for something that should have worked every time before ;) )