destinygg / website

Destiny.gg
https://www.destiny.gg
Other
210 stars 122 forks source link

Allow oauth token to authenticate user in chat #241

Closed Moseco closed 3 years ago

Moseco commented 3 years ago

I have gone through the process described in the oauth.md documentation. From what I can tell this token can only be used to get user information from /api/userinfo?token=$TOKEN, as described in the documentation. But it cannot be used to authenticate the user in the chat by sending it as a cookie with the name authtoken as described in profile->developer section->connections page.

While creating a token/login key using the website on the same page as above does allow the user to authenticate with the chat.

From digging around a bit it seems to caused here by not allowing auth tokens with a clientID.

Is it possible to extend the capability of the oauth generated token to authenticate with the chat?

Thanks!

ILiedAboutCake commented 3 years ago

This is by design, you need to generate logon keys to use chat. Logon key generation is not supported via oauth, has to done by the user at $website/profile/developer

Moseco commented 3 years ago

Is it possible for that process to be made more user friendly? For example, a client sends the user to a page to confirm the use of a login key, and then a url redirect can send them back to the client with the login key. (Sorry if this already exists and I have missed it)

ILiedAboutCake commented 3 years ago

No this is an anti-abuse measure