Without requesting any additional scopes, this will give us basic profile information about a Destiny player. They auth will be handled by bungie.net, and we should get a JWT token in response which we will verify is legit from Bungie, and will contain their account name.
This should be perfectly enough to identify users for the purposes of feeding them images they haven't seen before, gamification (leaderboards, transcription stats), as well as a "trust" value if we want to weight users to determine trolls/transcription heroes and affect our confidence algorithm.
Outstanding questions:
Is there an existing wrapper for bungie.net OAuth in Python (or any language to base it off of)?
Does storing their username have any implications for GDPR/CCPA? Would the ability to opt-out of leaderboards and only store a hash of their account name be enough to be compliant?
This would exclude people that don't have at least a bungie.net account. I don't know if anyone that doesn't play destiny cared/got involved, or if we should even give this edge case too much thought. I think they could just sign up for a bungie.net account and since D2 is now F2P, we can put the burden of getting access on them.
We can request an OAuth application here: https://www.bungie.net/en/Application/Create
Without requesting any additional scopes, this will give us basic profile information about a Destiny player. They auth will be handled by bungie.net, and we should get a JWT token in response which we will verify is legit from Bungie, and will contain their account name.
This should be perfectly enough to identify users for the purposes of feeding them images they haven't seen before, gamification (leaderboards, transcription stats), as well as a "trust" value if we want to weight users to determine trolls/transcription heroes and affect our confidence algorithm.
Outstanding questions:
Is there an existing wrapper for bungie.net OAuth in Python (or any language to base it off of)?
Does storing their username have any implications for GDPR/CCPA? Would the ability to opt-out of leaderboards and only store a hash of their account name be enough to be compliant?
This would exclude people that don't have at least a bungie.net account. I don't know if anyone that doesn't play destiny cared/got involved, or if we should even give this edge case too much thought. I think they could just sign up for a bungie.net account and since D2 is now F2P, we can put the burden of getting access on them.