Authentication API

Jun 9 2013, 9:19 pm In response to A.T.H.K
Magicmann	A.T.H.K wrote: It's a bit ridiculous.. More than a bit. Bumping with hope in my shallow, shallow hea- I mean, ehh, intellectual mind that knows the heart has nothing to do with hope or love or whatnot. =D

Feb 6 2014, 11:02 am
A.T.H.K	Going to bump this again, still no response.

Feb 6 2014, 12:53 pm

Akando5959

I would like a web api for verifying keys as say the flash client ever comes out the web api would allow for devs to authenticate people. Or a dev could embed their game into a website through a server. Then people could mobile play the game without being required to have the pager installed. However the api could be used to also still add ads to the game like it is already so byond didn't lose the ad revenue.

Feb 6 2014, 5:51 pm
Ssj4justdale	mega bump.

Feb 6 2014, 7:56 pm

Ssj4justdale

If curious, i just went for a shot again, this time using BYOND's site but ofcourse, ended with a fail.

1: Using PHP, i can get the byondcert but that wont do me any good.

2: I went for a javascript and semi-php and this is what i got so far -.-

<?php

if(isset($_GET['logout']))
{
    setcookie ("key", "", time() - 3600);// set the time to minus to remove the cookie. 
    header("Location: byondTest.php");
    die();  //safety precaution to disallow continuation of the scripts.
}

if(isset($_COOKIE['key']))  //if the user is finally logged in.
{
    echo 'Welcome, ' . $_COOKIE['key'];
    echo '<br><a href="?logout">logout</a>';
    die();  //safety precaution to disallow continuation of the scripts.
}

?>

<input type="button" onClick="loginBYOND()" value="Login with BYOND" />

<script>

var byondURL=null;

function loginBYOND(){
byondURL = popupwindow("http://www.byond.com/login.cgi?redir=1", "byondLogin", 1000, 575);
var timer = setInterval(function() {
        if (byondURL.closed) {
            clearInterval(timer);
        };
    }, 500);
}

function popupwindow(url, title, w, h) {
  var left = (screen.width/2)-(w/2);
  var top = (screen.height/2)-(h/2);
  return window.open(url, title, 'toolbar=no, location=no, directories=no, status=no, menubar=no, scrollbars=no, resizable=no, copyhistory=no, width='+w+', height='+h+', top='+top+', left='+left);
}
</script>


<?php
//<a class="menu_link" href="https://secure.byond.com/members/?command=edit_account">
?>

//Use the code blow to check if they're signed in
//if they are, you just need to use a script to copy the users key.

//<a class="menu_link" href="https://secure.byond.com/members/?command=edit_account">

Feb 6 2014, 7:57 pm
Ssj4justdale	Ideally, if you can check the URL of the newly opened window with javascript and copy its innerHTML, it would be as simple as that. But I have no luck with it whatsoever, so I give up and thats what I leave you with -.-

Dec 8 2015, 6:59 pm
Inuyashaisbest	Bump to this suggestion. I am currently working on a website dedicated to the sciences of BYOND. The community, development, examples, summaries of games, and whatever else users may feel the need to communicate about. I was hoping to restrict the access to the BYOND community only, as I would rather not have randoms who do not use the services commenting about features on the service.

Dec 8 2015, 10:02 pm
Rushnut	Also going to give this a +1, some suite of tools to allow us to create websites and games that used BYOND's login would be crazy handy.

Dec 8 2015, 11:09 pm

MrStonedOne

There is a work around, I use it on my forum.
You will need:

Web server
Some server side scripting support on web server (php/asp/etc)
Web client server.
Mysql or other database engine accessible by both the web server and the web client server

Make/code web client server,
Web client server should take only web client connections in...
Generate a random token or chunk of text at least 32 characters long with each client connection
Store the clients byond key in the database along with the token and the current datetime
Use a browse() window and javascript to redirect the client back to the website with the token (but not the key) (ie, http://website.com/byondauth.php?token=[token] )

On the website, a script should take incoming connections in,
check for and grab a GET variable called token
access the database and find that token, error if it doesn't exist.
Grab all info attached to that token then delete it, tokens are one time use.
Check the datetime isn't too old (5 to 15 minutes, depending on how secure you want to be)
Take the client's key, store it in a more permanent part of the database,
Generate a session for them and add it to their cookies

Now in your website, you just check for that session cookie, and validate it against the sessions table of the database. If they don't have it, or the session doesn't exist or is too old, you display the login with your byond account button.

To see this in action, register an account at https://tgstation13.org/phpBB/ then click this link: https://tgstation13.org/phpBB/linkbyondaccount.php

Note, this is actually a required step to gain posting rights and wiki edit rights on tgstation

And it's used to validate admins for access to the ban database tools.

Dec 8 2015, 11:41 pm
Nadrew	My method uses DMCGI, logs you in using the BYOND website, redirects you back to the DMCGI, sets some cookies based on your key data, other stuff uses said cookies to use it. I've even made a MediaWiki plugin that uses the same setup.

Dec 8 2015, 11:42 pm In response to MrStonedOne
A.T.H.K	An easier way is using the depreciated DMCGI then pass the key to a PHP session. You'd need a VPS for that however, most web hosts won't install BYOND and modify their web server rules to launch dmbs with DD..

Dec 9 2015, 12:10 am
GatewayRa	I'd like to see a REST API for this kind of behavior. Later maybe it could even be extended to something like BYOND Credits, but BYOND probably doesn't want that kind of liability lol.

Dec 9 2015, 12:12 am In response to A.T.H.K
Rushnut	This is kinda the point of the request, to avoid having to set up to use DD/DMB/anything BYOND related.

Dec 9 2015, 2:15 am In response to Rushnut
A.T.H.K	Rushnut wrote: This is kinda the point of the request, to avoid having to set up to use DD/DMB/anything BYOND related. I know that, its was an alternative to MrStonedOne's PHP example. I've been on this request since 2011 pretty sure I know what it's about by now, 4 years later..

Dec 9 2015, 4:04 am In response to A.T.H.K
Rushnut	A.T.H.K wrote: I've been on this request since 2011 pretty sure I know what it's about by now, 4 years later.. /bends over /submits

Dec 9 2015, 9:51 am
MrStonedOne	You see, nobody here has explained how to use dmcgi to get the key data. I've at least explained in great detail how to use the webclient to do this

Dec 9 2015, 10:21 am In response to MrStonedOne
Inuyashaisbest	Thank you for your post, it has helped me out a great deal. How did you manage to get Dantom DB working for remote databases? Or are you merely passing variables through Export and browse with top.location.href?

Dec 9 2015, 10:22 am In response to MrStonedOne
GatewayRa	http://www.byond.com/developer/Dantom/CGI "Login(new_url)" im sure experienced users will have no problem figuring it out on their own

Dec 9 2015, 11:12 am
MrStonedOne	That doesn't help gateway.... How the fuck is the dmcgi suppose to be able to know who the user is? How the fuck does that work?

Dec 9 2015, 11:13 am In response to Inuyashaisbest
MrStonedOne	DantomDB works with remote databases fine, the hard part is getting the webclient server authenticated to a remote database, as the default configuration of mysql restricts connections to local ips