ID:1847457
 
Applies to:Website
Status: Open

Issue hasn't been assigned a status value.
A feature I thought may exist however it turns out it does not. This could affect security if implemented incorrectly however if it's properly done it would not result in any security issues.

The system could be modeled after either:

Minecraft's Yggdrasil: http://wiki.vg/Authentication -- The server requesting access must process the password and send it to the server and recieve a token if the password passes, this relies on the devloper's trust to be trustworthy and users to trust them.


Google's API: https://developers.google.com/identity/protocols/OAuth2 -- A pop up on Google's official site, that asks for your permission. This won't scare users as they can clearly see the "https://google.com" with the SSL certificit.

I suggest the later as giving plaintext passwords to developers would result in major security flaws so I advise the Google type of auth system over the other.

I'd really like it to track stats in a game and allow only them to view it on a site and perhaps even allow people to register for forums using their byond account.

This post is mostly for discussion publicly to see what everyone would like to see and so on, as I'm really tired at the moment of posting I'll probably edit this majorly once I'm awake.
You can use DMCGI to authenticate BYOND keys.

The "stats" can be sent to an external script with world.Export()

The rest is up to you, PHP and MySQL or any of their language that supports GET and a database.

If you really wanted you could use the MySQL library and skip the export completely as they're easy to exploit.
to quote yourself:


A.T.H.K wrote:
I stand corrected, I agree with Airjoe though it is a wanted feature by alot of people...

http://www.byond.com/forum/?post=103749#comment962953

If it's that requested, why isn't it implemented?



A.T.H.K wrote:
You can use DMCGI to authenticate BYOND keys.
Yes I could... if I had access to install programs and so on my site. However my host limits me and I can not.

Not to mention it is slowly being broken by new updates to Byond:
http://www.byond.com/ forum/?post=1789809&hl=DMCGI#comment14044503

It has been posted many times as a feature request see:
http://www.byond.com/ forum/?post=100744&hl=DMCGI#comment474970
http://www.byond.com/forum/?post=93429

Not to even touch on this quote:
Nadrew wrote:
Keep in mind also, DMCGI isn't really supported anymore
http://www.byond.com/forum/?post=1632407#comment11194798

I think it's time we add in something like I mentioned. The stats system could be done using world.export yes but I still need to verify it's the right user before letting them view it.
Yea and I agree with you, I never said I didn't I just gave you work arounds for now.

It's obvious by allll the feature requests, that its not going to happen ..

Hell they're years old.


Honestly though, I would ditch using the BYOND key for logins to anything completely. Use your own login system, username and password auth connected to a DB that you can use in other languages, and hey presto you've got what you wanted! Yay..

If your host doesn't support something you need, that's not BYONDs fault, find a better host.
Eh I'm not blaming Byond I'm just trying to mention that it's requested a lot and perhaps we should at least think about it.

The workarounds you listed won't work for me but that's alright.

I'd like to see it added but I suppose we can't always get what we want.
Third-party authentication is something that is pretty high priority, because we want to have a reliable authentication solution that outlives BYOND (and also would work in the event of service interruptions).

I'm sorry for all the delays.
Tom, in this case, they are asking for the ability to use byond as a third party authentication system for their own systems.

That being said, I have something setup that uses a webclient and some oauth (the google version) methodologies.

I could look at maybe opening it up to other sites.