JavaScript is required to use Bungie.net

Forums

originally posted in:BungieNetPlatform
9/13/2014 11:35:08 AM
3

Authentication

A pretty basic question, but how do you authenticate? I see both the C# and the Node.js API have some auth mechanisms and some ways to circumvent the CSRF protection. But I don't know what it is you're doing and how you're doing it, and I suck at C. I'm a Python guy and want to get some data to analyse, as well as create a Python wrapper. Any help appreciated!
English

Posting in language:

 

Play nice. Take a minute to review our Code of Conduct before submitting your post. Cancel Edit Create Fireteam Post

  • Edited by Jarvis T. Smokin: 11/17/2014 12:28:22 PM
    I'm struggling a bit with this as well. If I go to the bungie.net site and log in (in my browser), then open a new tab in the same browser and go to this URL, then it returns a bunch of data: http://www.bungie.net/Platform/Destiny/TigerPsn/Account/<my account id>/Character/<my character id>/Inventory/?lc=en&fmt=true&lcin=true&definitions=true If I go to this URL to get the non-public view of my inventory, I get a message with an authorisation error: http://www.bungie.net/Platform/Destiny/2/MyAccount/Character/<my character id>/Vendor/892630493/?lc=en&fmt=true&lcin=true&definitions=true error returned: {"ErrorCode":99,"ThrottleSeconds":0,"ErrorStatus":"WebAuthRequired","Message":"Please sign-in to continue.","MessageData":{}} What I don't get is if I'm already logged in in the browser and just opening a new tab, why is it saying I'm not signed in, do I need to specifically send that request with something set in the request headers?

    Posting in language:

     

    Play nice. Take a minute to review our Code of Conduct before submitting your post. Cancel Edit Create Fireteam Post

    2 Replies
    • At first, the CSRF protection really only is for POST data so you only need it if you want to actually do something beyond fetching data. You would probably need a headless browser to fetch the cookies from. I only know of QtWebkit but that might be a bit much. The basic steps you need to take are these: 1. Choose an Auth Strategy you want to use (FB/PSN/XBL, haven't yet gotten google to work) 2. Automate the login process on a headless browser using your favorite scripting language. Use http://www.bungie.net/de/User/SignIn/[AuthStrategy] to get a proper redirect. 3. Wait until you get back to the bungie signin page with a code or better, check for the bungleatk token (you'll need it). 4. Dump all the cookies from the browser, make sure that there is the bungleatk token. 5. Feed the cookies into a cookiejar and use it on subsequent requests in your favorite scripting language 6. Profit.

      Posting in language:

       

      Play nice. Take a minute to review our Code of Conduct before submitting your post. Cancel Edit Create Fireteam Post

      7 Replies
      • For the most part you just need to keep track of the cookies being used and, in certain circumstances, include an extra request header to mimic a browser.

        Posting in language:

         

        Play nice. Take a minute to review our Code of Conduct before submitting your post. Cancel Edit Create Fireteam Post

        2 Replies
        You are not allowed to view this content.
        ;
        preload icon
        preload icon
        preload icon