Open mooreds opened 3 years ago
robotdan
commented
3 years ago I was only aware that they supported the implicit grant. I think we even reached out to them about this when we built this integration. I would like to understand why they do not document it before we try to implement it.
mooreds
commented
3 years ago @fatshark-ace can you share any details?
fatshark-ace
commented
3 years ago Heya @mooreds, @robotdan
As of just now, there's a line in the linked docs which specifies that code grant is a valid grant type.
Hopefully that makes it somewhat more official to build against!
mooreds
commented
3 years ago Here's the relevant new section of the docs:
If you include the state parameter, it will be passed back to the redirect URI after the user has confirmed or denied access. Note that the authorization code grant type is also supported, by using the response_type=code during login.@voidmain or @brettwp do you remember if we looked into using the auth code grant for Steam?
brettwp
commented
3 years ago We did not look into using the "auth code grant". Earlier this year when I added this IdP to FusionAuth the only available and documented oauth grant was "implicit". As @fatshark-ace mentioned and looking at the web archive this new mention in the docs "that the authorization code grant type is also supported, by using the response_type=code" was added Oct 19th. Who knows how long it has been undocumented, but still supported.
Update Steam provider to use authorization code grant
Problem
The steam provider uses the documented steam oauth grant of implicit (
response_type=token): https://partner.steamgames.com/doc/webapi_overview/oauthPer internal discussions with a client, the authorization code grant is also supported, though undocumented (
response_type=code).Solution
Update the steam implementation to use the (undocumented) authorization code grant.
Alternatives/workarounds
Leave things be.
Additional context
Internal: Ticket 72049
Community guidelines
All issues filed in this repository must abide by the FusionAuth community guidelines.
How to vote
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.