Originally posted in: BungieNetPlatform
Hey folks.
I've seen a lot of confusion over how to handle logging in to Destiny. Some of the solutions I've seen are kind of wrong/scary, and some of them require way too much effort or extra packages. (You do not need to simulate an entire browser to log in to Destiny.)
I took my Python code and extracted the bits that let you log in via PSN; I rewrote it as a "simple" bash script that relies on just curl and awk. Should run just about anywhere; 72 total lines and lots of comments. I'm not much of a shell scripter so it's probably not quite as clean as it could be.
In plain English, here's the sequence of events, which you should be able to do in any language that supports basic HTTP calls. The two URIs you'll need (url-encoded for convenience) are:
1. PSN_AUTHORIZE="https://auth.api.sonyentertainmentnetwork.com/2.0/oauth/authorize?response_type=code&client_id=78420c74-1fdf-4575-b43f-eb94c7d770bf&redirect_uri=https%3a%2f%2fwww.bungie.net%2fen%2fUser%2fSignIn%2fPsnid&scope=psn:s2s&request_locale=en"
2. PSN_LOGIN="https://auth.api.sonyentertainmentnetwork.com/login.do"
The HTTP sequence. Make sure you have redirects turned off - you don't need them and they make cookie handling a little more annoying:
1. GET PSN_AUTHORIZE; note the value of the "JSESSIONID" cookie.
2. POST PSN_LOGIN; make sure to pass the cookie from step 1, and send a form-encoded body: j_username with the username, j_password with the password. You'll get a new "JSESSIONID" cookie.
3. GET PSN_AUTHORIZE; pass the new cookie from step 2. You'll get redirected to something like https://www.bungie.net/en/User/SignIn/Psnid?code=000000 - let's call this BUNGIE_SIGNIN.
4. GET BUNGIE_SIGNIN; note the values of cookies "bungled" and "bungleatk"
You can now make requests to the various Bungie APIs, including EquipItem!
According to my tests, you just need to pass bungled and bungleatk in as cookies, and then set the 'x-csrf' header to the value of bungled. API key appears to not always be necessary or checked.
Enjoy, guardians. My smartwatch fast item changer is almost complete. ;)
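The header handling behind steps 3 and 4 and the final API request, as an added example that is not part of abl's post or script: it pulls the redirect and cookies out of response headers with awk, checks that the redirect is the redirect_uri from PSN_AUTHORIZE before the code would be sent to it, and builds the Cookie and x-csrf headers. The response headers and token values are constructed placeholders, and the function names are hypothetical.

```bash
# Added example: parse the headers curl prints with `-s -D - -o /dev/null`.
# All header values below are constructed placeholders, not real tokens.

# cookie_value NAME: headers on stdin -> value of the Set-Cookie named NAME.
# Exact name match, so "bungled" is never confused with "bungleatk".
cookie_value() {
  awk -v name="$1" '
    { sub(/\r$/, "") }                          # headers end in CRLF
    tolower($0) ~ /^set-cookie:/ {
      line = $0
      sub(/^[^:]*:[ \t]*/, "", line)            # drop the header name
      sub(/;.*/, "", line)                      # drop Path, HttpOnly, ...
      eq = index(line, "=")
      if (eq && substr(line, 1, eq - 1) == name) val = substr(line, eq + 1)
    }
    END { if (val != "") print val }'
}

# redirect_target: headers on stdin -> value of the Location header.
redirect_target() {
  awk '{ sub(/\r$/, "") }
       tolower($0) ~ /^location:/ { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# is_bungie_signin URL: succeed only for the redirect_uri named in
# PSN_AUTHORIZE, so the code is never sent to an unexpected host.
is_bungie_signin() {
  case "$1" in
    "https://www.bungie.net/en/User/SignIn/Psnid?code="?*) return 0 ;;
    *) return 1 ;;
  esac
}

# api_headers BUNGLED BUNGLEATK: the two headers the post says the API needs.
api_headers() {
  printf 'Cookie: bungled=%s; bungleatk=%s\nx-csrf: %s\n' "$1" "$2" "$1"
}

# Constructed responses for step 3 and step 4.
STEP3=$(printf 'HTTP/1.1 302 Found\r\nLocation: https://www.bungie.net/en/User/SignIn/Psnid?code=000000\r\nSet-Cookie: JSESSIONID=EXAMPLE-SESSION; Path=/; HttpOnly\r\n')
STEP4=$(printf 'HTTP/1.1 302 Found\r\nset-cookie: bungleatk=EXAMPLE-ATK; path=/; HttpOnly\r\nSet-Cookie: bungled=1234567890; path=/\r\n')

signin=$(printf '%s\n' "$STEP3" | redirect_target)
if is_bungie_signin "$signin"; then
  bungled=$(printf '%s\n' "$STEP4" | cookie_value bungled)
  bungleatk=$(printf '%s\n' "$STEP4" | cookie_value bungleatk)
  api_headers "$bungled" "$bungleatk"
fi
```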
-
Definitely didn't mean to start a new topic... thought it was weird that it required a title for a comment. Sorry about that.
Original comment: Hi abl, I'm new to working with APIs and I've done a lot of reading the past couple days learning about HTTP requests and specifically the Destiny API. I am using Python and httplib2 to interact with the API, and I'm wondering if I can just run this script from within Python and then make authenticated requests? If it's easier to just log in to PSN using Python code (which you mentioned in your post) and you don't mind sharing your Python code, I would greatly appreciate it! I'm not planning on releasing any services or websites or anything like that, I'm a junior computer science major and I just love messing with stuff like this. Thanks for all of your posts across this group, they've been really helpful!
-
Edited by Stephenwatson201: 3/17/2015 2:53:24 PM
Thanks Abl, sorry for the noob question, I am very much a basic hobbyist programmer using Windows Python. I tried running your code and got plenty of errors. I think the main reason for this is the wrong libraries have been installed. Could you give me a list of the libraries you use (I'm guessing PyCURL for one?)
Edit: OK, realised now it is a Linux bash script... it does now run without error in that environment. The problem I have is that I am unclear as to how to extend this to use the Destiny API. If you have any further examples or could point me to some resources I would appreciate it.
Thanks, Steve
-
Edited by smutp1rate: 3/15/2015 4:02:14 PM
abl, thank you for this post. Until now I've had some trouble finding out what is going on with the login process. I have a couple questions for you. In your PSN_AUTHORIZE query, you have a client id value. Where did you get this? Is it a PSN id similar to the API key, or is this something provided by Bungie to id the request as originating from a Bungie application? Another field in the same request, as part of the redirect URI: scope is set to psn:s2s. What is this specifying? Thanks again for posting this information, it's a big help.
-
I'm not very good with curl but I tried to use your strategy. Everything works fine until the redirect to bungie.net. It doesn't redirect me to bungie.net in the third step if I run PSN_AUTHORIZE. Probably I'm doing something wrong or missing something. I also tried it with CURLOPT_FOLLOWLOCATION. Here is my code snippet: http://pastebin.com/YJtJefBK I hope someone can help me. Thanks. Sorry for my bad English, I hope you understand it ;-)
-
I have not been able to get PSN authentication to work using PHP cURL, even using your method it always seems to fail at the "login.do" point and tries to redirect to "https://auth.api.sonyentertainmentnetwork.com/login.jsp?authentication_error=true".
-
You don't need to "act like a browser" but keeping the browser workflow identical helps to future-proof you if, say, URLs or client ids change in the workflow. Is it likely to happen? Probably not, but you never know. Nice info with the cookies. I never bothered to test which ones were required.