Steam as OpenID - Developers

I am currently developing a website for my own little Steam group/community and I would say it seems pretty logical to use Steam as a method of authentication. I've been searching on and on, but I just can't figure how this works. I looked a bit on a few other sites to see where the sign-in button linked to and modified the link to suit myself, however I have no idea on earth how to retrieve the 64-bit key of the player who just logged in? The rest I need to do is plain simple as I would just need to read the XML files I get using the API, I just need the SteamID -.-'

You can't just edit the link, you need to setup openid. There are many OpenID libraries you can use at [url]http://wiki.openid.net/w/page/12995176/Libraries[/url], and details on the steam OpenID provider can be found at [url]http://steamcommunity.com/dev[/url]

I've personally been using [url=http://gitorious.org/lightopenid]LightOpenID[/url] and then stripping the 64-bit ID out using a classy regular expression. After that, you can just use the ID to talk [url=http://developer.valvesoftware.com/wiki/Steam_Web_API#GetPlayerSummaries_.28v0002.29]straight to ISteamUser[/url].

[QUOTE=AzzyMaster;33272425]You can't just edit the link, you need to setup openid. There are many OpenID libraries you can use at [url]http://wiki.openid.net/w/page/12995176/Libraries[/url], and details on the steam OpenID provider can be found at [url]http://steamcommunity.com/dev[/url][/QUOTE] After a lot of testing (and 2 threads on a PHP forum) I found out, that you can pull this information using GET. The periods in the index for the get array can be treated as underscores (_) by PHP. That means the link to the players community page can be retrieved from $_GET['openid_identity'] or whatever it's called. Then the community ID can be extracted using substr (or another substring equivalent) and you can use that to look up things on players using the XML version of the community pages. Conclusion: I CAN just edit the link ;)

Just remember that you can't actually verify whether it's a faked request or not, as Steams OpenID isn't really authentication, but more like "log in with steam, and we'll send your community ID, so the player doesn't have to type it in". It's amazingly useless actually. :)

[QUOTE=h2ooooooo;34018995]Just remember that you can't actually verify whether it's a faked request or not, as Steams OpenID isn't really authentication, but more like "log in with steam, and we'll send your community ID, so the player doesn't have to type it in". It's amazingly useless actually. :)[/QUOTE] Uhhm, if you use the OID libraries correctly (or manually do it), they do connect to steam and verify the details sent back from steam, just like every other OID provider does.

I've done this a long time ago and yea, it was pretty difficult to set up. I'll see what I can get for you. [editline]3rd January 2012[/editline] I've also done this more recently. I'll get that code, because that's more readable for me. (That was linking an account on my site to your Steam one, tho.) [editline]3rd January 2012[/editline] Using this API: [url]http://www.ohloh.net/p/steam-condenser[/url] [editline]3rd January 2012[/editline] Okay, this is what I've got: The link button: [PHP] <? if(@$_SESSION['steamid']) { $steam = new SteamAPI($_SESSION['steamid']); $n = $steam->getFriendlyName(); db_q("UPDATE users SET steamid = ${_SESSION['steamid']}, steamname = '$n' WHERE ID = ${user['ID']}"); echo 'Linked <a href="/twitter/?tweet=PRE-linked-steam" class="button">Tweet</a>'; unset($_SESSION['steamid']); } elseif(@$user['steamid']) { echo $user['steamname']; } else { echo '<a href="'.SteamSignIn::genUrl("php/steam.php", false).'">Link</a>'; } ?> [/PHP] php/steam.php: [PHP] <? include_once('steam_openid.php'); $val = SteamSignIn::validate(); session_start(); $_SESSION['steamid'] = $val; header('Location: /settings/'); ?> [/PHP] php/steam_openid.php: [url]http://pastebin.com/vGMjcU6a[/url] That's all, I think. DISCLAIMER: THIS MAY OR MAY NOT WORK. THIS IS UNTESTED. I AM NOT RESPONSIBLE FOR THIS IN ANY WAY. ETC ETC ETC

[QUOTE=Fizzadar;34020099]Uhhm, if you use the OID libraries correctly (or manually do it), they do connect to steam and verify the details sent back from steam, just like every other OID provider does.[/QUOTE] Oh? I just couldn't get any validation success using [url=http://code.google.com/p/lightopenid/]lightopenid[/url].. Odd

[QUOTE=h2ooooooo;34020927]Oh? I just couldn't get any validation success using [url=http://code.google.com/p/lightopenid/]lightopenid[/url].. Odd[/QUOTE] Strange, I've got it all working on FD-Core (from: [url]https://github.com/Fizzadar/Fanatical-Dev-Core/blob/master/user.php[/url]): [code] //start openid $openid = new LightOpenID; //validate the login try { $result = $openid->validate(); } catch( Exception $e ) { return false; } [/code]

[QUOTE=h2ooooooo;34018995]Just remember that you can't actually verify whether it's a faked request or not, as Steams OpenID isn't really authentication, but more like "log in with steam, and we'll send your community ID, so the player doesn't have to type it in". It's amazingly useless actually. :)[/QUOTE] I tried some URL forging without success. Also I don't really care, I mostly use it for indexing my players ;) This way I only have to deal with numbers not a lot of weird characters that happen to be in some players nicks :)