Closed ebf34e12952930cf closed 8 years ago
tl;dr, PR looks good from me. Ready to pull! (@atomizer)
P.S. Fixes #48, but more documentation (and visual/video examples) will be necessary to make this end-user usable.
Someone should write them docs for this...
Took some time to chat with @BlackRayquaza over Skype and get a good idea of how Steam login for Realm works, and we came to the following conclusions:
secret
(wheresecret
is their Steam secret string)steamid
as their account namesteamid
+secret
With that in mind, I was only able to test cases (1) and (2), and can confirm both of those behaviors. I'm fine with trusting that (3) works from @BlackRayquaza's testing.
Besides the interesting behavior difference depending on web-connection, the other concern with this feature is that it is unusually difficult to obtain the
secret
key. To get it via sniffing, you need to sniff the/chars/list
request made over HTTPS from the Steam client. To get the information programmatically, we'd need to spoof asessionticket
value, which appears to be some kind of base16 timestamp, which I wasn't able to get responses to via browser requests. @BlackRayquaza did some digging through the Steam client, but given its obsfucation, that was largely inconclusive.As such, while this PR enables viewing of Steam accounts, the method to actually get the secret key is notably more complex. For now I'd advise leaving it off of the readme until a programmatic approach can be developed, or a clear instruction (video?) can be publicized to document the process.