General Idea
Why Message Signing
Because not all processes can be performed on-chain, especially game mechanics, the Auth Message Signing App is a great showcase of the message signing feature. It makes it easier for developers to understand the feature and integrate it into their Dapps, confirming the authenticated web3 user for future off-chain actions.
Ways to verify the authenticity of the user
Web2 style
1 is the option with a normal login
2 is the option with big centralized services such as Google / Twitter / Facebook login
Web3 style for actions equivalent to the Web2 style that do not happen directly on-chain
Web3 style directly on-chain (confirming a transaction with the signed-in wallet)
How to verify the authenticity for off-chain actions
This is done through user identity management, on the same principle as a normal Web2 login. When you log into a website, you declare who you are (identification), your identity is verified (authentication), and you are granted the necessary permissions (authorization).
The browser asks you to confirm an off-chain message. This results in a generated cookie, which is used between the frontend and backend of the app to confirm your identity. To control the login life cycle, the cookie is valid for a limited period of time: anything from a few seconds, to 10 minutes, or even a few hours.
After the session expires, the user is required to confirm their identity again by signing a new message, which creates a new cookie.
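The login life cycle described above, sketched as an added backend example (not code from the Auth Message Signing App): a one-time message is signed, the signature is verified, and a cookie with an expiry is issued and later checked. Assumptions: Ed25519 from Node's `crypto` stands in for the wallet's signature scheme, the address is the hex-encoded public key, and all function names and the `example-dapp.test` origin are hypothetical.

```javascript
// Added example. Assumptions: Ed25519 stands in for the wallet's scheme, and the
// "address" is the hex-encoded SPKI public key. All names are hypothetical.
const crypto = require('crypto');

const SERVER_KEY = crypto.randomBytes(32); // cookie MAC key, never leaves the backend
const pending = new Map();                 // nonce -> { address, message, expires }
const mac = (s) => crypto.createHmac('sha256', SERVER_KEY).update(s).digest('hex');

// Identification: the user names an address and gets a one-time message to sign.
function issueChallenge(address, now = Date.now()) {
  const nonce = crypto.randomBytes(16).toString('hex');
  const message = `Sign in to example-dapp.test\naddress: ${address}\nnonce: ${nonce}`;
  pending.set(nonce, { address, message, expires: now + 60_000 });
  return { nonce, message };
}

// Authentication: verify the signature over the exact message issued, then mint a cookie.
function login(address, nonce, signatureHex, ttlMs, now = Date.now()) {
  const entry = pending.get(nonce);
  pending.delete(nonce); // single use, so a captured signature cannot be replayed
  if (!entry || entry.address !== address || entry.expires < now) return null;
  try {
    const key = crypto.createPublicKey({ key: Buffer.from(address, 'hex'), format: 'der', type: 'spki' });
    if (key.asymmetricKeyType !== 'ed25519') return null;
    const sig = Buffer.from(signatureHex, 'hex');
    if (!crypto.verify(null, Buffer.from(entry.message), key, sig)) return null;
  } catch { return null; } // malformed key or signature
  const body = `${address}.${now + ttlMs}`;
  return `${body}.${mac(body)}`; // cookie value: address.expiry.tag
}

// Authorization gate for later off-chain requests: MAC first, then expiry.
function checkCookie(cookie, now = Date.now()) {
  const [address, exp, tag] = String(cookie).split('.');
  if (!address || !exp || !tag) return null;
  const expected = Buffer.from(mac(`${address}.${exp}`));
  const given = Buffer.from(tag);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  return Number(exp) > now ? address : null; // expired: user must sign a new message
}

// Constructed demo wallet that plays the browser-side signer.
function demoWallet() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const address = publicKey.export({ format: 'der', type: 'spki' }).toString('hex');
  return { address, sign: (m) => crypto.sign(null, Buffer.from(m), privateKey).toString('hex') };
}
```

When the value is sent to a browser, set it as an `HttpOnly`, `Secure`, `SameSite` cookie so page scripts and cross-site requests cannot use it.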