/tg/station oauth like login api.

MrStonedOne
Host
 
Joined: Mon Apr 14, 2014 10:56 pm
Byond Username: MrStonedOne
Github Username: MrStonedOne

/tg/station oauth like login api.

Postby MrStonedOne » Tue Feb 28, 2017 11:10 am #261568

This is very early stages. Using this system, you can log users in via their tgstation13 forum account to your site. Similar to those "sign in with your Steam account" sites.

Step one:


Code:
GET: https://tgstation13.org/phpBB/oauth_create_session.php?site_private_token=SomeTokenHere&return_uri=https%3A%2F%2Fsomesite.com%2Freceive.php


Parameters:
  • site_private_token: base64 encoded string (between 32 and 255 bytes decoded) as an identifier for your site. This will be needed to retrieve any details. This should be kept secret and remembered.
  • return_uri: Place to send the user when they approve the login. The hostname portion of this will be shown to the user.
    • Note: No information will be appended by the oauth system to this uri, it is your responsibility to either include some sort of identifier here so you can link the returning user to the oauth session or use cookies to do the same.

Response (json):
Code:
{
   "status":"OK",
   "session_private_token":"4ZeInoLFLqK65bp7XJHD9TOS+kzFvT2KhTLv3Zg0ARfrlUc75HmMIIxhWR2kQLy\/tMfFdW7pdeJ6wnUbU3rK8g==",
   "session_public_token":"greeXIElmDjHmL3Nn+zw75cNRmGx0o\/m3d01MOWg3p387OGO+h1vjAQzjZhapd4\/E5bZhtpmIdqvmirXLd35mA=="
}


  • status: OK|error
  • error: Error message explaining what went wrong (or nonexistent). (Please include the full unmodified error message in all help requests. There are errors with similar but different messages so that I can know what exact check failed.)
  • session_private_token: base64 encoded 64 byte string. This will be used to get the user details after they approve your access. This is private and not even the user should be allowed to see it. Do not accept user provided private tokens.
  • session_public_token: base64 encoded 64 byte string. This will be sent with the user when asking permission to log in.


Step two:


Code:
USER REDIRECT: https://tgstation13.org/phpbb/oauth.php?session_public_token=SomeTokenHere


Parameters:
  • session_public_token: the public session token from the first step.
User will get a prompt to approve or deny your access or an error message. (Please include the full unmodified error message in all help requests. There are errors with similar but different messages so that I can know what exact check failed.)

Step Three:


After the user returns to the site listed in return_uri in the first step:

Code:
GET: https://tgstation13.org/phpBB/oauth_get_session_info.php?site_private_token=SomeTokenHere&session_private_token=SomeTokenHere


Parameters:
  • site_private_token: base64 encoded string (between 32 and 255 bytes decoded) from step 1.
  • session_private_token: the private session token from the first step.

Response (json):
Code:
{
   "status":"OK",
   "phpbb_username":"MrStonedOne",
   "byond_key":"MrStonedOne",
   "byond_ckey":"mrstonedone"
}


  • status: OK|error
  • error: Error message explaining what went wrong (or nonexistent). (Please include the full unmodified error message in all help requests. There are errors with similar but different messages so that I can know what exact check failed.)
  • phpbb_username: The user's forum username
  • byond_key: The user's byond username (key) or false if they haven't linked a byond account
  • byond_ckey: The ckey version of the user's byond username. This will be all lowercase and not contain special characters. Internally to byond and /tg/station's systems this is the user's TRUE username, the key is only for displaying.

Best Practices:

  • oauth_get_session_info.php does not expire tokens unless they go long (30 days) without use or the user changes their password. Do not cache the info it provides for too long, and consider re-validating the session when processing protected actions.
  • This system is secure (in theory) against spoofing, but not reverse spoofing. An attacker cannot spoof a user's account but could in theory trick a user into logging in as the attacker's account. To protect against this (if it actually matters for your use case, it doesn't for most), when processing a return from an oauth.php redirect, give the user a prompt displaying the phpbb and byond account names they are about to log in as and protect this prompt against CSRF.
Forum/Wiki Administrator, Server host, Database King, Master Coder


MrStonedOne on Reddit(banned), Steam, IRC, Skype Discord.

[10:55 AM] spookydonut: stonedmc is the work of a criminally insane mad genius
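
The three steps from the first post, seen from the relying site's side, as an added example (not MrStonedOne's code and not part of the original thread): the session_private_token stays in a server-side store, the returning user is linked to it through an identifier in return_uri that must match a cookie, and base64 tokens are URL-encoded before being sent. The class name `TgLogin`, the `state` parameter name and the injected `fetch(url)` callable standing in for your HTTP client are assumptions made for illustration.

```python
import base64, hmac, json, secrets
from urllib.parse import urlencode

API = "https://tgstation13.org/phpBB"               # steps 1 and 3, as given in the post
PROMPT = "https://tgstation13.org/phpbb/oauth.php"  # step 2, as given in the post

def new_site_token(nbytes=48):
    """Generate once and store secretly: base64 of 32..255 random bytes."""
    if not 32 <= nbytes <= 255:
        raise ValueError("site_private_token must decode to 32..255 bytes")
    return base64.b64encode(secrets.token_bytes(nbytes)).decode()

class TgLogin:
    def __init__(self, site_token, return_base, fetch):
        self.site_token, self.return_base = site_token, return_base
        self.fetch = fetch   # hypothetical callable(url) -> JSON text (your HTTP client)
        self.pending = {}    # state -> session_private_token, kept server-side only

    def _call(self, script, **params):
        # urlencode() escapes the '+', '/' and '=' that base64 tokens contain
        params["site_private_token"] = self.site_token
        reply = json.loads(self.fetch(f"{API}/{script}?{urlencode(params)}"))
        if reply.get("status") != "OK":
            raise RuntimeError(reply.get("error", "no error message returned"))
        return reply

    def begin(self):
        """Steps 1 and 2: returns (state to set as a cookie, URL to redirect the user to)."""
        state = secrets.token_urlsafe(32)
        return_uri = f"{self.return_base}?{urlencode({'state': state})}"
        reply = self._call("oauth_create_session.php", return_uri=return_uri)
        self.pending[state] = reply["session_private_token"]
        query = urlencode({"session_public_token": reply["session_public_token"]})
        return state, f"{PROMPT}?{query}"

    def finish(self, url_state, cookie_state):
        """Step 3: called when the user lands on return_uri."""
        # The returning browser must be the one that began this session.
        if not hmac.compare_digest(url_state.encode(), cookie_state.encode()):
            raise PermissionError("state in URL does not match this browser's cookie")
        # The private token comes from our own store, never from the request.
        private = self.pending.pop(url_state, None)
        if private is None:
            raise PermissionError("unknown or already used state")
        reply = self._call("oauth_get_session_info.php", session_private_token=private)
        # byond_key is false when no BYOND account is linked; normalise to None.
        return {"phpbb_username": reply["phpbb_username"],
                "byond_ckey": reply.get("byond_ckey") or None}
```

The dictionary returned by `finish()` is what the confirmation prompt described under Best Practices would display before the site creates its own login session.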



Atlanta-Ned
In-Game Admin
 
Joined: Fri Apr 18, 2014 2:11 pm
Byond Username: Atlanta-ned

Re: /tg/station oauth like login api.

Postby Atlanta-Ned » Tue Feb 28, 2017 2:41 pm #261588

HAPPENING
Feedback pls (Don't bother though, because I am perfect)
### ListVarEdit by Atlanta-ned: /datum/reagents reagent_list: Water=/obj/item/weapon/gun/energy/alien
IcePacks wrote:>all you have is a taser and the cold realization that you're a haphazard bandaid over a problem that may or may not exist, applied by someone who doesn't know or care enough about their job to do it properly

OOC: Pizzatiger: God damn Atlanta, how are you so fucking smart and charming. It fucking pisses me off how perfect you are

This post was deleted by Atlanta-Ned on Wed Mar 01, 2017 12:34 am.
Reason: Outdated

Atlanta-Ned
In-Game Admin
 
Joined: Fri Apr 18, 2014 2:11 pm
Byond Username: Atlanta-ned

Re: /tg/station oauth like login api.

Postby Atlanta-Ned » Wed Mar 01, 2017 12:34 am #261800

Alright, give it a shot here: https://atlantaned.space/newSS13tools/auth.php

If it works, it should display your ckey in the upper-right hand side of the navigation bar. If not, tell me here.

XDTM
Github User
 
Joined: Fri Mar 04, 2016 8:38 pm
Location: XDTM
Byond Username: XDTM
Github Username: XDTM

Re: /tg/station oauth like login api.

Postby XDTM » Wed Mar 01, 2017 7:38 am #262021

I tested it, it doesn't seem to catch my username after I authenticate and it still only shows the Authenticate link.
Patron of golems, virology, hallucinations and traumas. And now, nanites.

Ex-Keeper of the wiki.

Remie Richards
 
Joined: Thu Apr 17, 2014 7:11 pm
Location: England, UK, Earth, Sol, Milky Way, Local Group, Virgo Supercluster, Known Universe
Byond Username: CrimsonVision

Re: /tg/station oauth like login api.

Postby Remie Richards » Wed Mar 01, 2017 9:46 am #262041

Atlanta-Ned wrote:Alright, give it a shot here: https://atlantaned.space/newSS13tools/auth.php

If it works, it should display your ckey in the upper-right hand side of the navigation bar. If not, tell me here.


Preview data that will be sent
{"status":"OK","phpbb_username":"Remie Richards","byond_key":"CrimsonVision","byond_ckey":"crimsonvision"}


seems ok.
I am perfect

Iatots
 
Joined: Thu Oct 13, 2016 3:17 pm
Byond Username: Iatots
Github Username: Iatots

Re: /tg/station oauth like login api.

Postby Iatots » Wed Mar 01, 2017 10:19 am #262046

I too have correct preview data, but the site still asks to authenticate like with XDTM.

Atlanta-Ned
In-Game Admin
 
Joined: Fri Apr 18, 2014 2:11 pm
Byond Username: Atlanta-ned

Re: /tg/station oauth like login api.

Postby Atlanta-Ned » Wed Mar 01, 2017 2:21 pm #262081

Iatots wrote:I too have correct preview data, but the site still asks to authenticate like with XDTM.
XDTM wrote:I tested it, it doesn't seem to catch my username after I authenticate and it still only shows the Authenticate link.


Do you have special settings for cookies? This relies on atlantaned.space setting cookies.

EDIT: Oh, nope, it straight up isn't working. Argh.

Jordie0608
Site Admin
 
Joined: Tue Apr 15, 2014 1:33 pm
Location: Spiderland, Australia
Byond Username: Jordie0608
Github Username: Jordie0608

Re: /tg/station oauth like login api.

Postby Jordie0608 » Wed Mar 01, 2017 11:59 pm #262422

Works for me. Perhaps something to do with rank? Two players report failure to two successful admins.
Forum Admin
Send me a PM if you have any issues, concerns or praise of fishfood to express about the forums.

MrStonedOne
Host
 
Joined: Mon Apr 14, 2014 10:56 pm
Byond Username: MrStonedOne
Github Username: MrStonedOne

Re: /tg/station oauth like login api.

Postby MrStonedOne » Thu Mar 02, 2017 2:26 am #262485

I think it was fixed. I just tried with my testing account and it worked.

XDTM
Github User
 
Joined: Fri Mar 04, 2016 8:38 pm
Location: XDTM
Byond Username: XDTM
Github Username: XDTM

Re: /tg/station oauth like login api.

Postby XDTM » Thu Mar 02, 2017 7:12 am #262559

Confirmed, it works for me now as well.

Iatots
 
Joined: Thu Oct 13, 2016 3:17 pm
Byond Username: Iatots
Github Username: Iatots

Re: /tg/station oauth like login api.

Postby Iatots » Thu Mar 02, 2017 11:41 am #262591

All's good on my end too.

Atlanta-Ned
In-Game Admin
 
Joined: Fri Apr 18, 2014 2:11 pm
Byond Username: Atlanta-ned

Re: /tg/station oauth like login api.

Postby Atlanta-Ned » Thu Mar 02, 2017 4:08 pm #262657

Yay! Thanks everyone!

bobbahbrown
 
Joined: Mon Nov 10, 2014 1:04 am
Location: canada
Byond Username: Bobbahbrown

Re: /tg/station oauth like login api.

Postby bobbahbrown » Thu May 09, 2019 4:05 am #492881

i too have successfully consumed tg oauth