JavaScript is required to use Bungie.net

#Bungie

originally posted in:BungieNetPlatform
3/6/2015 9:58:23 PM
7

"Simple" authentication using PSN

Hey folks. I've seen a lot of confusion over how to handle logging in to Destiny. Some of the solutions I've seen are kind of wrong/scary, and some of them require way too much effort or extra packages. (You do not need to simulate an entire browser to log in to Destiny.) I took my Python code and extracted the bits that let you log in via PSN; I rewrote it as a "simple" bash script that relies on just curl and awk. Should run just about anywhere; 72 total lines and lots of comments. I'm not much of a shell scripter so it's probably not quite as clean as it could be. In plain english, here's the sequence of events, which you should be able to do in any language that supports basic HTTP calls. The two URIs you'll need (url-encoded for convenience) are: 1. PSN_AUTHORIZE="https://auth.api.sonyentertainmentnetwork.com/2.0/oauth/authorize?response_type=code&client_id=78420c74-1fdf-4575-b43f-eb94c7d770bf&redirect_uri=https%3a%2f%2fwww.bungie.net%2fen%2fUser%2fSignIn%2fPsnid&scope=psn:s2s&request_locale=en" 2. PSN_LOGIN="https://auth.api.sonyentertainmentnetwork.com/login.do" The HTTP sequence. Make sure you have redirects turned off - you don't need them and they make cookie handling a little more annoying: 1. GET PSN_AUTHORIZE; note the value of the "JSESSIONID" cookie. 2. POST PSN_LOGIN; make sure to pass the cookie from step 1, and send a form-encoded body: j_username with the username, j_password with the password. You'll get a new "JSESSIONID" cookie. 3. GET PSN_AUTHORIZE; pass the new cookie from step 2. You'll get redirected to something like https://www.bungie.net/en/User/SignIn/Psnid?code=000000 - let's call this BUNGIE_SIGNIN 4. GET BUNGIE_SIGNIN; note the values of cookies "bungled" and "bungleatk" You can now make requests to the various Bungie APIs, including EquipItem! According to my tests, you just need to pass bungled and bungleatk in as cookies, and then set the 'x-csrf' header to the value of bungled. API key appears to not always be necessary or checked. Enjoy, guardians. My smartwatch fast item changer is almost complete. ;)
English
#Bungie

Posting in language:

 

Play nice. Take a minute to review our Code of Conduct before submitting your post. Cancel Edit Create Fireteam Post

View Entire Topic
  • Edited by smutp1rate: 3/15/2015 4:02:14 PM
    abl, thank you for this post. Until now I've had some trouble finding out what is going on with the login process. I have a couple questions for you. In your PSN_AUTHORIZE query, you have a client id value. Where did you get this? Is it a psn id similar to the api key or is this something provided by bungie to id the request as originating from a bungie application? Another field in the same request as part of the redirect uri, scope is set to psn:s2s, what is this specifying? Thanks again for posting this information, it's a big help.

    Posting in language:

     

    Play nice. Take a minute to review our Code of Conduct before submitting your post. Cancel Edit Create Fireteam Post

    2 Replies
    You are not allowed to view this content.
    ;
    preload icon
    preload icon
    preload icon