originally posted in:BungieNetPlatform
Looking for some guidance on the authentication aspects of the Destiny API - I've found basically everything on this group that is accessible from a google search already. I just want to check if I'm headed down a bad path.
I'm a C++ programmer by trade, and I know very little about web stuff. I've learned that Destiny has a pretty weird authentication system. I've started a tiny webapp, and I have character nameplates and stuff working. But I'm gonna need access to the private APIs...
Right now I have a node.js webserver making the destiny API calls, passing data to a template engine, and just returning static HTML to the client. In order to use the private API calls, I need the bungie cookie tokens, right? My plan was basically to make an input box for PSN/XBL username/password and do the authentication on the client side, then grab the bungie cookie value and pass that to my webserver. Is this even possible? Are there any pitfalls in this plan? Do most people do all the API requests on the client side? I think there are CORS problems with this approach, right? I am not aware of any destiny webapps that use private APIs other than chrome extensions and mobile apps that get access to all your cookies.
English
#Bungie
-
Well... I had a huge response typed up saying you should just use a webview and collect their cookies that way, then I re-read the last part of your question. The way you want to do it is entirely possible though. You'll just have to collect the 'set-cookie' values from the http-responses and include them in your future requests. There are several examples on the wiki of what you need to collect etc. I don't think there is a c++ one there, but there are quite a few other languages, and they should give the same idea. To note though, users typically don't like this, as there is often the question of why you need to have their username/password. But because there isn't OAuth and because of the CORS problems you mentioned, that's the only avenue for server-based apps that I know of. wiki: http://destinydevs.github.io/BungieNetPlatform/docs/Authentication