Suggest a Feature
Please check out the following guidelines before suggesting a feature! Off-topic posts will be deleted.
Post Title
Use Vroid's new multiplayer SDK to let users import avatars more easily.
VRoid has released a multiplayer SDK, here are the details (I translated this from their announcement using Google:) "In addition, a new “Multiplayer SDK” function will be added to the “VRoid SDK” SDK for developers that can call avatar models into games and services through VRoid Hub. This enables the development of services and games in which multiple players call and operate their own avatars on a single playground. With this SDK, developers can provide not only VR communication platform but also multi-player play of fighting games that bring their own characters." They are also updating VRoid to export lightweight models: "With VRoid Studio, a 3D avatar model making tool provided by the VRoid project, it is now possible to export a VRM file (a file format for handling 3D avatar model data) while reducing the drawing load of the created model Become. With this function, avatar users will be able to enjoy various game services using their avatar more easily than ever." Vroid has a contact form for any game dev to apply for their new SDK. This is a great opportunity to not only gain a new source of avatars, but use this in tandem with lightweight exporting so avatars run well on Quest too. Original announcement link: Their contact form: Just translate each line before you put in information and you'll be good to go.
Allow authcookie to be used from a different IP address + extra features
First of all, authcookie's should not be bound to a single IPv4/IPv6 address as this would cause several issues with the VRChat client when the IP address changes. Users are still able to join instances through the friends list due to the Photon servers not verifying the authcookie but stuff like the friends list doesn't refresh and shows old information until the client is restarted, at which point a re-login is required since that authcookie seems to be the only thing that VRChat stores across restarts, which also causes users to pick less secure passwords (because who wants to type in a 20 character password with special characters every time they need to restart their game due to this limitation?). I do understand that implementing this would cause a security risk to be added to the entire system as authcookies can be stolen, even through other means than just a VRChat security hole, so extra steps need to be implemented to counteract against this risk: authcookie's should be "dynamic" bound by default, which means they can be used from any IP address if at least one or multiple of many comparison factors are met: Country where the IP address is assigned in according to it's whois, AS number of the IP address, Cloudflare datacenter and/or location the traffic has passed through, HWID if it's from the VRChat client or User-Agent if it's from a browser. If too many comparison factors fail the check, the client needs to reauthenticate. Once the client re-uses that same authcookie multiple times on different days with the same IP address, the authcookie turns into a "static" bound one which means it gets rejected when trying to use it from a different IP address, HWID/User-Agent, etc. than the one it is bound to or when at least one of the other comparison factors fail (other than the Cloudflare DC/location which should just be a fallback check for the dynamic bound option). Additionally, authcookie information, the bound type and which IP address or IP addresses each authcookie was used and at exactly what timestamp it was used, should be exposed directly to the user, at least through the website, and the user should be given the option to expire a certain authcookie through a single click operation as well as set the expiration time and force reauthentication time for authcookies (expiration time = expire when not used within X days; reauth time = force reauthentication, even on valid authcookies).
Load More