Minehut / Meta

Report bugs or issues and request features and updates for Minehut

Minehut OAuth2 #133

Open WyattSL opened 4 years ago

WyattSL commented 4 years ago

Feature request

Checklist

Platform

Website

Describe the feature

The ability for developers to create OAuth2 applications that allow people to log in with their Minehut accounts and return an access/session token for usage with Minehut's API. Additionally, the ability for server-to-server communication, which would allow developers to create a token for their personal usage with the API.

How the feature is useful

The feature benefits developers the most, but could benefit everyone. It's useful because there is no longer any method for developers to log in with an email/password or token (ghost login), thanks to Auth0. It would also make things like Discord bots for server management possible again.


Use the 👍 reaction to indicate you agree with this suggestion! Feel free to discuss the idea in the comments. 👍

zacjones0 commented 4 years ago

From what I understand, Auth0 (the login solution Minehut uses) has a list of allowed redirect URLs from the login page. You can find which page is redirected to from the redirect_uri query in the login page URL (https://minehut.com/login for Minehut). When redirected to that URL (after the user has entered their login), Auth0 passes the code parameter in the form of a query as well (e.g. https://minehut.com/login?code=dfa3ufd), which is then exchanged for an id_token containing the session and token used for Minehut's normal API endpoints.

So the main problem is being able to redirect back to your application. This makes apps like websites basically impossible unless you ask Minehut to add your website to the redirect list, but native apps have a bit of a chance: if Minehut allowed a custom URI scheme, e.g. minehut://login, that can be registered on the user's computer to open the native app, all native apps would be able to use that one URI scheme, saving Minehut from having to add a redirect URL to the list for every app.

Sorry, that was pretty long and I'm not the best at explaining. You might want to check out the Auth0 Docs (specifically here) for a more in-depth explanation of how it works.
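
The redirect allowlist described in the comment above, sketched as an added example that is not part of the thread and is not Minehut's or Auth0's code. The authorize host, `client_id`, the two allowlists and all function names are constructed for illustration; only `https://minehut.com/login`, `minehut://login` and the `code` value `dfa3ufd` come from the thread.

```javascript
// Constructed login-page URL; host and client_id are placeholders.
const SAMPLE_LOGIN_URL =
  "https://login.example.invalid/authorize?response_type=code" +
  "&client_id=CONSTRUCTED_CLIENT_ID" +
  "&redirect_uri=" + encodeURIComponent("https://minehut.com/login");

// Assumed allowlists: the redirect seen in the thread, and the same list
// extended with the custom scheme the comment proposes (hypothetical).
const ALLOWLIST_WEB_ONLY = ["https://minehut.com/login"];
const ALLOWLIST_WITH_SCHEME = [...ALLOWLIST_WEB_ONLY, "minehut://login"];

// Read the redirect_uri query parameter out of a login-page URL.
function redirectUriFromLoginUrl(loginUrl) {
  return new URL(loginUrl).searchParams.get("redirect_uri");
}

// Exact string match against the registered list. Prefix or substring
// matching would accept look-alike hosts and extra path segments.
function isRedirectAllowed(redirectUri, allowlist) {
  if (typeof redirectUri !== "string") return false;
  let parsed;
  try {
    parsed = new URL(redirectUri);
  } catch {
    return false; // not an absolute URI
  }
  if (parsed.hash) return false; // redirect URIs must not carry a fragment
  return allowlist.includes(redirectUri);
}

// Build the URL the browser is sent back to, with the one-time code
// attached as a query parameter, or refuse if the target is unregistered.
function buildCallback(redirectUri, code, allowlist) {
  if (!isRedirectAllowed(redirectUri, allowlist)) {
    throw new Error("redirect_uri is not on the allowlist");
  }
  const callback = new URL(redirectUri);
  callback.searchParams.set("code", code);
  return callback.toString();
}
```

With the extended list, every native app that registers `minehut://login` passes the same check, so the redirect URI alone no longer tells the server which application is receiving the code.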