originally posted in:BungieNetPlatform
This is a request for OAuth 2.0 support so that we can securely access endpoints that require authorization without trying to hack around your login process. There's a lot of potential out there for third-party apps but until we have a way to securely login without prompting users for credentials it's not going to happen.
-
To add, I would ideally like it to be permission-based a la Twitter, Google, Facebook, etc... so users can see what things they're authorising and for developers to target individual services. For example, an application which wants to view the contents of your vault probably doesn't need to be able to post to the forum. In saying that however, I think it's pertinent to recognise the inherent danger in third party applications having access to accounts (especially those which modify in-game elements) along with the susceptibility of players, especially younger ones. As most people here have no doubt seen already with what happened via Playstation's Share Play, some players will go to lengths to achieve what they think will give them an/the edge, even if it does mean cheating. So if they see an application which can do it for them (or at least claim to), I have no doubt some will try to use it. I still don't want to say I don't support the idea (obviously), but setting it up in such a way that allows third party applications to be deployed while communicating to players what the potential risks are of allowing them access is crucial.
-
+1 for OAuth support. That'd be grand.
-
+1 Bump. Makes little sense to have people hack around your auth when you could implement it legitimately and with a standard backed by so many well known companies.
-
+1 for oauth. I agree, hacking around the auth model is troublesome at best. There's no real way to gain user trust.