Closed keneanung closed 9 years ago
rubensayshi
commented
9 years ago Cool,
Maybe no need to store it until it's actually necessary,
otherwise I'd put the info into a seperate table since it's kinda unrelated to normal user login, so gw2_auth or something
keneanung
commented
9 years ago Technically this should be finished. I still need to add an icon for the button though.
I'm also waiting for an answer on arenanet/api-cdi#21 (which is now closed) in case I need some more changes.
And since the authorization is still BETA quality, I'd wait to merge this in anyways :)
keneanung
commented
9 years ago Should be done now, except:
rubensayshi
commented
9 years ago okay, I'll try to free up some time this week to take a look at it and test it :)
keneanung
commented
9 years ago Hrm... https://forum-en.guildwars2.com/forum/community/api/Launching-v2-account-w-Authentication/4981219 pretty much kills this PR :boom:
But lets wait and see first
rubensayshi
commented
9 years ago awh :/ ...
I was under the asumption this was ready to be merged?
keneanung
commented
9 years ago It was, until I asked whether the OAuth is still in Beta, because it already appeared in the accounts listing. Then they dropped the ball about movements away from OAuth2 towards API-style keys. See my question https://forum-en.guildwars2.com/forum/community/api/Launching-v2-account-w-Authentication/4971293 and the following discussion
rubensayshi
commented
9 years ago any updates?
keneanung
commented
9 years ago Nothing specific. The new authenitcation method will be revealed "within weeks" with a proposed migration strategy. So I'd still like to wait.
keneanung
commented
9 years ago :volcano: See https://forum-en.guildwars2.com/forum/community/api/HEADS-UP-OAuth2-being-replaced-next-week
tl;dr: No new OAuth apps can be registered, authentication is out of the window, user has to do the "create token" step of OAuth manually (which doubled as authentication), http header stays the same.
So maybe it's possible to reuse parts of this, but overall it seems to become pretty complicated for normal users to grant access to private parts of the API.
This adds the OAuth2 authentification by Guild Wars 2 (and changes some defaults to be more sensible for testing environments).
TODOs:
This PR serves 2 purposes:
Question: I am debating whether to save the access and refresh tokens with expiry date, because ANet plans features to the API that might be interesting to gw2spidy as well (Bank/character inventory, TP history). Soo...
That's it for now, if I get more ideas/questions, I'll ask.