JavaScript is required to use Bungie.net

Group Avatar

BungieNetPlatform

"Updates, discussions, and documentation of the BungieNetPlatform API."

Request Join
originally posted in:BungieNetPlatform
3/4/2015 2:23:37 PM
4

OAuth 2.0

This is a request for OAuth 2.0 support so that we can securely access endpoints that require authorization without trying to hack around your login process. There's a lot of potential out there for third-party apps but until we have a way to securely login without prompting users for credentials it's not going to happen.

Posting in language:

 

Play nice. Take a minute to review our Code of Conduct before submitting your post. Cancel Edit Create Fireteam Post

  • To add, I would ideally like it to be permission-based a la Twitter, Google, Facebook, etc... so users can see what things they're authorising and for developers to target individual services. For example, an application which wants to view the contents of your vault probably doesn't need to be able to post to the forum. In saying that however, I think it's pertinent to recognise the inherent danger in third party applications having access to accounts (especially those which modify in-game elements) along with the susceptibility of players, especially younger ones. As most people here have no doubt seen already with what happened via Playstation's Share Play, some players will go to lengths to achieve what they think will give them an/the edge, even if it does mean cheating. So if they see an application which can do it for them (or at least claim to), I have no doubt some will try to use it. I still don't want to say I don't support the idea (obviously), but setting it up in such a way that allows third party applications to be deployed while communicating to players what the potential risks are of allowing them access is crucial.

    Posting in language:

     

    Play nice. Take a minute to review our Code of Conduct before submitting your post. Cancel Edit Create Fireteam Post

    5 Replies
    • +1 for OAuth support. That'd be grand.

      Posting in language:

       

      Play nice. Take a minute to review our Code of Conduct before submitting your post. Cancel Edit Create Fireteam Post

      1 Reply
      • +1 Bump. Makes little sense to have people hack around your auth when you could implement it legitimately and with a standard backed by so many well known companies.

        Posting in language:

         

        Play nice. Take a minute to review our Code of Conduct before submitting your post. Cancel Edit Create Fireteam Post

      • +1 for oauth. I agree, hacking around the auth model is troublesome at best. There's no real way to gain user trust.

        Posting in language:

         

        Play nice. Take a minute to review our Code of Conduct before submitting your post. Cancel Edit Create Fireteam Post

      You are not allowed to view this content.
      ;
      preload icon
      preload icon
      preload icon