/tg/station oauth like login api.

MrStonedOne
Host
Joined: Mon Apr 14, 2014 10:56 pm
Byond Username: MrStonedOne
Github Username: MrStonedOne

/tg/station oauth like login api.

Post by MrStonedOne » #261568

This is very early stages. Using this system, you can log users in via their tgstation13 forum account to your site, similar to those "sign in with your Steam account" sites.

Step one:

GET: https://tgstation13.org/phpBB/oauth_create_session.php?site_private_token=SomeTokenHere&return_uri=https%3A%2F%2Fsomesite.com%2Freceive.php
Parameters:
  • site_private_token: base64 encoded string (between 32 and 255 bytes decoded) as an identifier for your site. This will be needed to retrieve any details. This should be kept secret and remembered. (note: base64 strings are not url safe and must be url encoded)
  • return_uri: Place to send the user when they approve the login. The hostname portion of this will be shown to the user.
    • Note: No information will be appended by the oauth system to this uri, it is your responsibility to either include some sort of identifier here so you can link the returning user to the oauth session or use cookies to do the same.
Response (json):

{  
   "status":"OK",
   "session_private_token":"4ZeInoLFLqK65bp7XJHD9TOS+kzFvT2KhTLv3Zg0ARfrlUc75HmMIIxhWR2kQLy\/tMfFdW7pdeJ6wnUbU3rK8g==",
   "session_public_token":"greeXIElmDjHmL3Nn+zw75cNRmGx0o\/m3d01MOWg3p387OGO+h1vjAQzjZhapd4\/E5bZhtpmIdqvmirXLd35mA=="
}
  • status: OK|error
  • error: Error message explaining what went wrong (or nonexistent). (Please include the full unmodified error message in all help requests. There are errors with similar but different messages so that I can know what exact check failed.)
  • session_private_token: base64 encoded 64 byte string. This will be used to get the user details after they approve your access. This is private and not even the user should be allowed to see it. Do not accept user provided private tokens.
  • session_public_token: base64 encoded 64 byte string. This will be sent with the user when asking permission to log in.

Step two:

USER REDIRECT: https://tgstation13.org/phpBB/oauth.php?session_public_token=SomeTokenHere
Parameters:
  • session_public_token: the public session token from the first step. (note: base64 strings are not url safe and must be url encoded)
User will get a prompt to approve or deny your access or an error message. (Please include the full unmodified error message in all help requests. There are errors with similar but different messages so that I can know what exact check failed.)

Step Three:
After the user returns to the site listed in return_uri in the first step:

GET: https://tgstation13.org/phpBB/oauth_get_session_info.php?site_private_token=SomeTokenHere&session_private_token=SomeTokenHere
Parameters:
  • site_private_token: base64 encoded string (between 32 and 255 bytes decoded) from step 1. (note: base64 strings are not url safe and must be url encoded)
  • session_private_token: the private session token from the first step. (note: base64 strings are not url safe and must be url encoded)
Response(json):

{  
   "status":"OK",
   "phpbb_username":"MrStonedOne",
   "byond_key":"MrStonedOne",
   "byond_ckey":"mrstonedone"
}
  • status: OK|error
  • error: Error message explaining what went wrong (or nonexistent). (Please include the full unmodified error message in all help requests. There are errors with similar but different messages so that I can know what exact check failed.)
  • phpbb_username: The user's forum username
  • byond_key: The user's byond username (key) or false if they haven't linked a byond account
  • byond_ckey: The ckey version of the user's byond username. This will be all lowercase and not contain special characters. Internally to byond and /tg/station's systems this is the user's TRUE username, the key is only for displaying.
Best Practices:
  • oauth_get_session_info.php does not expire tokens unless they go long (30 days) without use or the user changes their password. Do not cache the info it provides for too long, and consider re-validating the session when processing protected actions.
  • This system is secure (in theory) against spoofing, but not reverse spoofing. An attacker cannot spoof a user's account but could in theory trick a user into logging in as the attacker's account. To protect against this (if it actually matters for your use case, it doesn't for most), when processing a return from an oauth.php redirect, give the user a prompt displaying the phpbb and byond account names they are about to log in as and protect this prompt against CSRF.
  • Base64 strings are not url safe and must be url encoded
Forum/Wiki Administrator, Server host, Database King, Master Coder
MrStonedOne on digg(banned), Steam, IRC, Skype Discord. (!vAKvpFcksg)
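
An added example, not part of MrStonedOne's post or of the tgstation13 code: a Python client for the three steps above, with the confirmation prompt from the best practices guarding against the reverse-spoofing case. `fetch` (a callable that GETs a URL and returns the body), `sess` (your site's server-side session dict for the current browser) and every function name here are assumptions.

```python
import base64, hmac, json, secrets
from urllib.parse import urlencode

BASE = "https://tgstation13.org/phpBB/"  # endpoints as listed in the post

def new_site_token(nbytes=48):
    """site_private_token: base64 of 32..255 random bytes; generate once, keep secret."""
    if not 32 <= nbytes <= 255:
        raise ValueError("token must decode to between 32 and 255 bytes")
    return base64.b64encode(secrets.token_bytes(nbytes)).decode()

def api_url(script, **params):
    # urlencode() percent-encodes the '+', '/' and '=' found in base64 values.
    return BASE + script + "?" + urlencode(params)

def call(fetch, url):
    """GET an endpoint and surface the API's own error message unmodified."""
    reply = json.loads(fetch(url))
    if reply.get("status") != "OK":
        raise RuntimeError(reply.get("error", "no error message returned"))
    return reply

def begin_login(fetch, site_token, return_uri, sess):
    """Steps 1-2: create a session; return the URL to redirect the user to."""
    reply = call(fetch, api_url("oauth_create_session.php",
                                site_private_token=site_token, return_uri=return_uri))
    sess["tg_private"] = reply["session_private_token"]  # server side only, never sent to the user
    return api_url("oauth.php", session_public_token=reply["session_public_token"])

def on_return(fetch, site_token, sess):
    """Step 3: fetch the account, then ask the user to confirm it (not logged in yet)."""
    if "tg_private" not in sess:  # the private token never comes from the request
        raise PermissionError("no login in progress for this browser")
    info = call(fetch, api_url("oauth_get_session_info.php",
                               site_private_token=site_token,
                               session_private_token=sess["tg_private"]))
    sess["pending"] = {k: info.get(k) for k in ("phpbb_username", "byond_key", "byond_ckey")}
    sess["csrf"] = secrets.token_urlsafe(32)
    return sess["pending"], sess["csrf"]  # render both in the confirmation form

def confirm_login(sess, submitted_csrf):
    """Complete the login only if the confirmation form carried this session's token."""
    expected = sess.pop("csrf", None)
    if expected is None or not hmac.compare_digest(expected.encode(), submitted_csrf.encode()):
        sess.pop("pending", None)
        raise PermissionError("confirmation rejected")
    sess["user"] = sess.pop("pending")
    return sess["user"]
```

`sess["tg_private"]` stays in the server-side session after login, so a protected action can call oauth_get_session_info.php again to re-validate instead of trusting cached account details.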
Atlanta-Ned
In-Game Game Master
Joined: Fri Apr 18, 2014 2:11 pm
Byond Username: Atlanta-ned

Re: /tg/station oauth like login api.

Post by Atlanta-Ned » #261588

HAPPENING
Statbus! | Admin Feedback
OOC: Pizzatiger: God damn Atlanta, how are you so fucking smart and charming. It fucking pisses me off how perfect you are
Atlanta-Ned
In-Game Game Master
Joined: Fri Apr 18, 2014 2:11 pm
Byond Username: Atlanta-ned

Re: /tg/station oauth like login api.

Post by Atlanta-Ned » #261800

Alright, give it a shot here: https://atlantaned.space/newSS13tools/auth.php

If it works, it should display your ckey in the upper-right hand side of the navigation bar. If not, tell me here.
XDTM
Github User
Joined: Fri Mar 04, 2016 8:38 pm
Byond Username: XDTM
Github Username: XDTM
Location: XDTM

Re: /tg/station oauth like login api.

Post by XDTM » #262021

I tested it, it doesn't seem to catch my username after I authenticate and it still only shows the Authenticate link.
a.k.a. Duke Hayka

Coder of golems, virology, hallucinations, traumas, nanites, and a bunch of miscellaneous stuff.
Remie Richards
Joined: Thu Apr 17, 2014 7:11 pm
Byond Username: CrimsonVision
Location: England, UK, Earth, Sol, Milky Way, Local Group, Virgo Supercluster, Known Universe
Contact:

Re: /tg/station oauth like login api.

Post by Remie Richards » #262041

Atlanta-Ned wrote:Alright, give it a shot here: https://atlantaned.space/newSS13tools/auth.php

If it works, it should display your ckey in the upper-right hand side of the navigation bar. If not, tell me here.
Preview data that will be sent
{"status":"OK","phpbb_username":"Remie Richards","byond_key":"CrimsonVision","byond_ckey":"crimsonvision"}
seems ok.
I am perfect
Iatots
Joined: Thu Oct 13, 2016 3:17 pm
Byond Username: Iatots
Github Username: Iatots

Re: /tg/station oauth like login api.

Post by Iatots » #262046

I too have correct preview data, but the site still asks to authenticate like with XDTM.
Atlanta-Ned
In-Game Game Master
Joined: Fri Apr 18, 2014 2:11 pm
Byond Username: Atlanta-ned

Re: /tg/station oauth like login api.

Post by Atlanta-Ned » #262081

Iatots wrote:I too have correct preview data, but the site still asks to authenticate like with XDTM.
XDTM wrote:I tested it, it doesn't seem to catch my username after I authenticate and it still only shows the Authenticate link.
Do you have special settings for cookies? This relies on atlantaned.space setting cookies.

EDIT: Oh, nope, it straight up isn't working. Argh.
Jordie0608
Site Admin
Joined: Tue Apr 15, 2014 1:33 pm
Byond Username: Jordie0608
Github Username: Jordie0608
Location: Spiderland, Australia

Re: /tg/station oauth like login api.

Post by Jordie0608 » #262422

Works for me. Perhaps something to do with rank? Two players report failure to two successful admins.
Forum Admin
Send me a PM if you have any issues, concerns or praise of fishfood to express about the forums.
MrStonedOne
Host
Joined: Mon Apr 14, 2014 10:56 pm
Byond Username: MrStonedOne
Github Username: MrStonedOne

Re: /tg/station oauth like login api.

Post by MrStonedOne » #262485

I think it was fixed. I just tried with my testing account and it worked.
XDTM
Github User
Joined: Fri Mar 04, 2016 8:38 pm
Byond Username: XDTM
Github Username: XDTM
Location: XDTM

Re: /tg/station oauth like login api.

Post by XDTM » #262559

Confirmed, it works for me now as well.
Iatots
Joined: Thu Oct 13, 2016 3:17 pm
Byond Username: Iatots
Github Username: Iatots

Re: /tg/station oauth like login api.

Post by Iatots » #262591

All's good on my end too.
Atlanta-Ned
In-Game Game Master
Joined: Fri Apr 18, 2014 2:11 pm
Byond Username: Atlanta-ned

Re: /tg/station oauth like login api.

Post by Atlanta-Ned » #262657

Yay! Thanks everyone!
bobbahbrown
Joined: Mon Nov 10, 2014 1:04 am
Byond Username: Bobbahbrown
Location: canada
Contact:

Re: /tg/station oauth like login api.

Post by bobbahbrown » #492881

i too have successfully consumed tg oauth

The information contained in this post is intended only for the individual or entity to whom it is addressed. Its contents (including any attachments) may contain confidential and/or privileged information. If you are not an intended recipient, you may not use, disclose, disseminate, copy or print its contents. If you received this post in error, please notify the sender by reply post and delete and destroy the message.

The information contained in this message is intended exclusively for the persons or entities to whom the message is addressed. The content of this message (including any attachment) may contain confidential and/or privileged information. If this message is not intended for you, you may not use, disclose, distribute, copy or print its content. If you have received this message in error, please notify the sender by sending a reply. In addition, please delete and destroy the message.
bobbahbrown
Joined: Mon Nov 10, 2014 1:04 am
Byond Username: Bobbahbrown
Location: canada
Contact:

Re: /tg/station oauth like login api.

Post by bobbahbrown » #513543

is it possible that we can have user groups passed through the api?

it would be useful to assign privilege or access based on those roles
Cyberboss
Code Maintainer
Joined: Mon Sep 26, 2016 7:58 pm
Byond Username: Cyberboss
Github Username: Cyberboss
Location: Ontario, CA
Contact:

Re: /tg/station oauth like login api.

Post by Cyberboss » #582075

Noting since TGS API docs link here. The value that should be used for "externalUserId" is the "phpbb_username".
oranges
Code Maintainer
Joined: Tue Apr 15, 2014 9:16 pm
Byond Username: Optimumtact
Github Username: optimumtact
Location: #CHATSHITGETBANGED

Re: /tg/station oauth like login api.

Post by oranges » #582935

"oauth like"
bobbahbrown
Joined: Mon Nov 10, 2014 1:04 am
Byond Username: Bobbahbrown
Location: canada
Contact:

Re: /tg/station oauth like login api.

Post by bobbahbrown » #582963

oranges wrote:"oauth like"
soon