Make sure that the caller is the game canister

I am developing a game with a score. When the user finishes his game on the game canister, I want to store his score in another canister. But I want to avoid that anyone could call the canister and set a score. Is there a way to make sure that the score is made by the game ? Because I need to use an identity to sign the score but I don’t think that storing an identity in the front-end is a good idea.

assuming your main “game” canister calls your “score” canister, you should be able to test the caller is your “game” canister in your “second” canister but it would need to hard code the principal of the game canister for comparison purpose.

user → “game” canister → “score” canister

Something as following in motoko:

public shared({ caller }) func myFuntion(): async() {
       func isGameCanister(): Bool {
            // "xxxxx-xaaaa-aaaax-qadoa-cai" is your game canister id
            Principal.fromText("xxxxx-xaaaa-aaaax-qadoa-cai") == caller
        };

      if (not isGameCanister()) {
          throw Error.reject("Unauthorized access. Caller is not the game canister.");
      };

     // ...
  };

Thank you for your answer. Maybe I wasn’t clear, the Game Canister is an asset Canister, so to call the Score canister I have to use and Identity, and I don’t know if it’s possible to use the asset canister’s identity.

Mybad, this worked for me I will post my code to share it with everyone

1 Like