Discussion Login API (OpenID)

[Cosmos]

Hi there,

I'm interested in developing a website and some tools for the game. In order to proceed what I'd like to be able to do is verify the users real ED account. So the projects I'd be working on could make sure that I know the player using said services has a game account and their commander name is their own.

Apologies if this is already available or been covered but I've had a quick look and couldn't find anything on the forum search. So if its not available is something like this possible?

e.g. Steam's API allows the type of thing I am interested in:

[h=2]Steam OpenID Provider[/h] Steam can act as an OpenID provider. This allows your application to authenticate a user's SteamID without requiring them to enter their Steam username or password on your site (which would be a violation of the API Terms of Use.) Just download an OpenID library for your language and platform of choice and use http://steamcommunity.com/openid as the provider. The returned Claimed ID will contain the user's 64-bit SteamID. The Claimed ID format is: http://steamcommunity.com/openid/id/<steamid>

I think this would be useful for all the tool and site developers..

Heres a vid which explains how the steam OpenID works in more detail:

Spoiler

[video=youtube_share;DRAPS4FSmbk]https://youtu.be/DRAPS4FSmbk[/video]

Cheers

 

[xondk]

Eh, this can quickly become a murky subject of login credentials and similar, why would you need to verify they have a elite account?

 

[Cosmos]

Eh, this can quickly become a murky subject of login credentials and similar, why would you need to verify they have a elite account?

Because at the moment if people submit information, or login to a site etc.., there is no way of verifying we have a real player doing it and nor can we verify they are who they say they are.. For example, if people are submitting stuff to the galaxy recording thing (sorry forgot what its called) they could enter a load of rubbish. If we can authenticate who they are then it means we can trust the user.

The details are not stored or sent to the developer website, as per the steam example: This allows your application to authenticate a user's SteamID without requiring them to enter their Steam username or password on your site .

I believe EvE online has a similar similar system.. Its fairly common these days to do this. It offers the possiblity of much greater scope in what can be created, websites and even apps etc, which could be used to aggregate players gaming data from their journals in interesting and exciting ways.

Also if Frontier ever allow us to query their servers for some information this will be a requirement. Blizzard has one too, I think its called OAuth.

 

[yeryry]

Frontier already does allow us to query their servers for some information. Using... username/password.
I don't know if it has been formally requested, but it has been discussed by tool developers - having a proper auth system would be a great improvement.

 

[Cmdr Thrudd]

Frontier already does allow us to query their servers for some information. Using... username/password.
I don't know if it has been formally requested, but it has been discussed by tool developers - having a proper auth system would be a great improvement.

We've been asking for years. We had hoped to get a proper api with all the bells and whistles we needed but instead all we've got is permission to hook into the service they developed for the iPhone companion app that wasn't designed to be used directly by 3rd party tools.