ID:93429
 
Applies to:Website
Status: Open

Issue hasn't been assigned a status value.
I'd really like to see some way to authenticate keys through some a web API or toolkit, something akin to the way DMCGI authenticates but for websites that don't use DMCGI.

I'm not sure how easy it would be to whip up something custom or if BYOND might want to go with something like CAS.

This would be extremely helpful to those of us running BYOND related services or websites. I'm sure my users would love it if they could login to their game hosting panels with their BYOND key securely. I understand this probably won't be top of the list material, but it'd be really cool to have this functionality soon.
I don't see the value of something like CAS over OpenID, particularly when I've never heard of the former but the latter has shown up in many places on the Web.

We've been considering options for authenticating keys more easily but nothing concrete is in the works. I guess it mainly boils down to how keys will be used and what people hope to get out of such a system.
I only know of CAS because my university uses it. It is, for the third party, very easy to set up and works great. I don't know how difficult it would be to set up on your end.

I don't care how you implement it- openid, CAS, or some homemade solution, I'd just really really really like to see it.
I don't really know, as I know no forms of authentication around BYOND at the moment or what they are being used to do.

However, I am interested, so maybe giving a bit of info, or linking to it, so people discussing this can see what it's being used for, how it would be helpful, or even how to implement the already available DMCGI would be steps closer to helping noobies to this, learn specifically what they are to be commenting and discussing about.
I'd have to agree to this, because of airjoes reasons, and a while back, I actually planned on having a full-blown integration with my game online.
My game used a MySQL database to store every bit of info, and I wanted to pull it up when a player would log in to the site. I didn't really want to design a site in DMCGI, because that's an absolute hassle, and I didn't know too much to do anything else with it, mix it with PHP or what have you.

And I would like to revisit this idea in the future.
Was wondering, any progress on this?
There could be a file created in a folder with the name of the hash that is returned along with the logging in of a user. Inside of the file with the hash as the name, could be the key of the user, which could somehow be erased as the session ends.

ex: Test Key -> Login.php
Login.php creates http://www.byond.com/auth/hash567890123456789012 and returns hash567890123456789012 through the return URL.

On the one who is using it's end, could provide a login on their site which goes through byond's own login which creates the file, and returns the hash back to the site, where the site can then take the hash, and check /auth/ to retrieve the username of the key in it. When the session is over, hash567890123456789012 (The file name) is deleted, and frees up the space on the server.
Done. Authentication API. Now this issue can be deferred.
A third party solution in a matter like this is no solution at all. By redirecting through your site you have access to all session data and as such can hijack sessions. A login system should run through BYOND alone.
And, surprise, Android Data's shoddy third party solution is down a year later, not that it was ever a good solution to begin with.

People have been asking for this for years now. PirateHead suggested OpenID in 2007. DarkView was looking for this feature in 2005.
This would be fantastic and wouldn't really be all that hard IMO....

Maybe Tom will release this in his "major website change" ...

But then again Obama said something about change right?
Bump, I would love this...
I made an authentication API before. I could put it back up, but unfortunately it wasn't used much the last time I had it up.
Can you throw the source up for me please? if you still have it that is.
Supporting OpenID would certainly be a strong move towards providing a well-known, oft-expected authentication method.

I see the primary usecase really as a way for the games own website to support logging the player in and accessing specific things that relate to the game. Mind you, I think thats a decent feature, but I'm not sure how much value that adds compared to the difficulty of implementing OpenID.

With the standalone client allowing signup and BYOND being modelled the way it is, I don't think allowing games to sign users up or log in through the game are particularly appealing. Thus I don't consider those usecases.
In response to JBoer
In my experience, the lack of use thing for these kinds of features is quite normal, so I wouldn't be too disheartened by it in a way.

It's actually one of these things where even with the feature provided, and people mentioning a desire for it, the realistic number of developers you get actually using such a service can be counted on one hand (and so, is why BYOND hasn't done it yet).

We had this with The LinuxGuild repositories for example, which ran for about a year or so, supporting 18 different OS release versions and tracking both stable BYOND releases and betas. We'd even gotten into a scenario where we'd once pulled a "stable" BYOND build from the repository as a show-stopper bug was uncovered, thus protecting our users from the bug that many doing manual installs ended up getting (Nice, but kind of rare). In spite of this kind of support, you still had about 50% of the people using LinuxGuild, who didn't want to make use of the repositories provided, but still largely keeping "up to date" with their BYOND releases.

What I kind of conclude from this is, if you provide a lesser demanded feature here on BYOND (like this auth API), provide the service expecting no feedback, little use, and poor support from the userbase, but provide plenty of feedback, regular update and good support yourself.

You very much need to do these things for your own sense of fulfilment, your own sense of what BYOND needs etc, and not rely on validation from the wider community to continue, because it really isn't going to happen enough for you to be happy with it. This actually applies to Tom, and volunteers as well, and they know it. Kind words of encouragement are rare, it's just how it is.
bump
I'm going to bump this, I know that many people have stated their opinions on this topic, but I would like to take a moment to state mine.

DMCGI, while nice while it was around, required BYOND to be installed on the host computer. While this was fine for people hosting a website off of a VPS or a dedicated server, the vast majority of BYOND users, being in the younger teen age range, didn't have access to the money required for such hosting, thus making them rely on free or cheap shared hosting. This negated the option for the majority of BYOND to properly implement DMCGI.

An authentication API, either through something like OpenID (which is supported through the use of plugins in almost every major CMS, Blog or Forum system currently on the market), or through a completely custom platform (which would allow BYOND users to develop their own plugins and bridges for such software.

An API would not have to be public, perhaps it could be a BYOND Membership perk, access to the actual API itself that is, everyone should be able to authenticate, but only BYOND Members could have access to any SDK and to tie into the API itself.

While its possible that only game owners and webmasters would have a viable use for the API, by not having something like this, the total potential of the BYOND platform is significantly limited. Requiring a BYOND Membership to access the API could potentially result in an increase of cashflow for BYOND.

Personally, I would enjoy an API, either through the easily integratable (at least from an end-user perspective) OpenID, or a custom, BYOND Member only API

I'm going around in circles so I am going to stop.
I forgot this was here till yesterday when I was again looking back into DMCGI.

Can we at least get a response? Really annoying that things hardly get a response from Tom or Lummox JR, in this case it did in 2010 but still... It's a bit ridiculous..
It takes a few hours with Wireshark and IDA to do figure out how the pager communicates anyways any implement authentication

If you dont want to do that libbyond.so/byondcore.dll export DantomClient that you can use to make a pager connection and auth it
Page: 1 2 3