{{
`${userDetail.user.displayName}${userDetail.user.cachedBungieGlobalDisplayNameCode ? `#${standardizeBungieGlobalCode(userDetail.user.cachedBungieGlobalDisplayNameCode)}` : ""}`}}
{{getUserClans()}}
originally posted in:BungieNetPlatform
12/2/2015 1:00:42 AM
2
OAuth2 access for the API?
I've seen a few posts of people asking for OAuth2 access to the API. I'd like to 2nd, 3rd or even 4th the request, but I can't come up with a seamless implementation.
Bungie uses OAuth against PSN and XBL, but doesn't provide its own form of authentication. Is the following flow possible or is it just bananas:
1. Open example.com/sign-in
2. example.com redirects to bungie.net/oauth/authorize?params=here
3. bungie.net presents provider auth links PSN/XBL
4. User signs in
5. PSN/XBL redirects back to bungie.net for handshake
6. bungie.net redirects back to example.com
This flow would require some new session management logic, but it seems like it can leverage all of the existing provider specific logic. I could be missing something, but I'd love to hear any feedback on the idea.
-
@dazarobbo I've seen you comment on other OAuth2 related threads and fully aware the concerns/risks voiced before regarding players trying to gain an advantage in-game. Have you heard/seen and movement on the topic whether it be forward or shot down?
-
12 Replies1. Open example.com/sign-in (already there) 2. example.com redirects to bungie.net/oauth/authorize?params=here (already there) 3. bungie.net presents provider auth links PSN/XBL (already there) 4. User signs in (already there) 5. PSN/XBL redirects back to bungie.net for handshake (already there, this is where the token gets returned) 6. bungie.net redirects back to example.com (already there, the redirect point to www.bungie.net) So, i don't see what you are asking if it can change :(
