Steam API Authentication

Asked 7/9, 2013 at 13:56 Answered 21/12, 2023 at 10:10

Before I get started, let me say I know absolutely nothing about OpenID. I don't even want to do what OpenID is used for, but I imagine people will mention it, but thats not what I'm looking for.

I have software. That software requires users to provide their Steam Username when they register. They are not signing on through Steam, just providing their username so that others know their steam username. So there is no need for OpenID.

I know, I can simply just add a text field and have them list their Steam username and call it a day. However, doing this, people can input pretty much any steam username they want and be done. I would instead like to be able to confirm their usernames.

Ideally, there would be an "authenticate steam account" button. People click it, and it brings up a Steam login form. People login, and then steam returns their username (and maybe some extra data, such as their avatar). What would be the best way to do this?

Appulse answered 7/9, 2013 at 13:56 Comment(0)

There is a need for OpenID. That's the method that Valve uses according to their documentation.

You don't mention what your application is written in, so I can only guess that you are doing this via a web page. In that case, I recommend using the LightOpenID library. From there, this sample code should be able to get you started.

<?php
require 'includes/lightopenid/openid.php';
$_STEAMAPI = "YOURSTEAMAPIKEY";
try 
{
    $openid = new LightOpenID('http://URL.TO.REDIRECT.TO.AFTER.LOGIN/');
    if(!$openid->mode) 
    {
        if(isset($_GET['login'])) 
        {
            $openid->identity = 'http://steamcommunity.com/openid/?l=english';    // This is forcing english because it has a weird habit of selecting a random language otherwise
            header('Location: ' . $openid->authUrl());
        }
?>
<form action="?login" method="post">
    <input type="image" src="http://cdn.steamcommunity.com/public/images/signinthroughsteam/sits_small.png">
</form>
<?php
    } 
    elseif($openid->mode == 'cancel') 
    {
        echo 'User has canceled authentication!';
    } 
    else 
    {
        if($openid->validate()) 
        {
                $id = $openid->identity;
                // identity is something like: http://steamcommunity.com/openid/id/76561197960435530
                // we only care about the unique account ID at the end of the URL.
                $ptn = "/^http:\/\/steamcommunity\.com\/openid\/id\/(7[0-9]{15,25}+)$/";
                preg_match($ptn, $id, $matches);
                echo "User is logged in (steamID: $matches[1])\n";

                $url = "http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=$_STEAMAPI&steamids=$matches[1]";
                $json_object= file_get_contents($url);
                $json_decoded = json_decode($json_object);

                foreach ($json_decoded->response->players as $player)
                {
                    echo "
                    <br/>Player ID: $player->steamid
                    <br/>Player Name: $player->personaname
                    <br/>Profile URL: $player->profileurl
                    <br/>SmallAvatar: <img src='$player->avatar'/> 
                    <br/>MediumAvatar: <img src='$player->avatarmedium'/> 
                    <br/>LargeAvatar: <img src='$player->avatarfull'/> 
                    ";
                }

        } 
        else 
        {
                echo "User is not logged in.\n";
        }
    }
} 
catch(ErrorException $e) 
{
    echo $e->getMessage();
}
?>

Using this, it will present the user with a Steam Login ID button. When it is clicked it will redirect the user to the Steam Community login page. After they login, the user is redirect back to your page, that you set on the LightOpenID constructor. If the user has been validated, it will pull the unique player ID from the returned value. That returned value looks like http://steamcommunity.com/openid/id/76561197960435530, and you need just the 76561197960435530 part.

At this point you can query Steam to get player information. In the sample provided, the user is queried and basic player information is displayed.

Jenness answered 8/9, 2013 at 4:39 Comment(3)

>>Is there a way to implement openID login in android? >>If not, is there anyway to allow the user to login steam? – Hearst 25/5, 2015 at 10:16

For now this is inaccurate, "Since the OpenID protocol was obsoleted by the OpenID Foundation, this library is obsolete as well, and as such, is not mantained anymore." code.google.com/p/lightopenid – Expertise 10/7, 2015 at 14:20

You can download the LightOpenID library from here github.com/iignatov/LightOpenID – Palpable 14/3, 2016 at 23:0

The following method will open a window where the user will be presented with Steam's UI to login and then the user's steamID will be extracted.

From the image, localhost is determined by your redirectURL. With testing it should be localhost and in production it should the same url of the current page you call the window from.

How to do this

Open a window with the endpoint provided in the code. Then you run an interval in which you check the returned query param and then you extract the steamID of a user. Once this is extracted you close the window.

With this steamID you can query steam's API for additional user data if required: https://developer.valvesoftware.com/wiki/Steam_Web_API#GetPlayerSummaries_.28v0001.29

A steamID is just like the userName except it is a unique identifier of the user. SteamID is also public for everyone to see

The code:

private openWinSteam = (redirect: string) => new Promise<string>((resolve, reject) => {
        const scopes = 'identify+email';

        try {
            this.loading = true;
            const endPoint = `https://steamcommunity.com/openid/login?openid.ns=http://specs.openid.net/auth/2.0&openid.mode=checkid_setup&openid.return_to=${redirect}/profile/connections/callback?state=d5083c416b1df43325a742551826c414&openid.identity=http://specs.openid.net/auth/2.0/identifier_select&openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select`;
            const strWindowFeatures = 'location=yes,height=660,width=540,scrollbars=no,status=yes';
            const steamWindow = window.open(endPoint,
                'steamLoginNav',
                strWindowFeatures
                );

                const closeWindow = () => {
                    this.loading = false;
                    steamWindow.close();
                };

                const steamIntervalHash = setInterval(() => {
                    if (steamWindow.closed) {
                        clearInterval(steamIntervalHash);
                        reject({
                            message: 'YOUR REJECT MESSAGE'
                        });
                    }

                    try {
                        const search = steamWindow.location.search;

                        if (search) {
                            const errorRegex = search.match(/error=([^&]*)/);
                            const steamIDRegex = search.match(/openid%2Fid%2F([^&]*)/);
                            if (steamIDRegex) {
                                const steamID = steamIDRegex[1];
                                if (steamID) {
                                    this.loading = false;
                                    clearInterval(steamIntervalHash);
                                    closeWindow();
                                    resolve(steamID);
                                }
                            }
                            if (errorRegex) {
                                const error = errorRegex[1];
                                if (error) {
                                    // when user press cancel
                                    if (error === 'access_denied') {
                                        this.loading = false;
                                        clearInterval(steamIntervalHash);
                                        closeWindow();
                                        reject({
                                            message:'YOUR REJECT MESSAGE'
                                        });
                                    }
                                }
                                this.loading = false;
                                clearInterval(steamIntervalHash);
                                closeWindow();
                                reject({
                                    message: 'YOUR REJECT MESSAGE'
                                });
                            }
                        }
                    } catch (e) {
                        this.loading = false;
                        return null;
                    }
            }, 100);

        } catch (e) {
            console.log('Error', e);
            this.loading = false;
            reject('Error');
        }
    })

Result answered 21/12, 2023 at 10:10 Comment(0)

AS LightOpenId seems abandoned, you can use either openid or my lightweight version of in (TS): https://www.npmjs.com/package/steam-lightweight-openid.

Remember, openid-client package won't work for OpenID 2.0 in Steam.

Spermatocyte answered 11/10, 2023 at 19:32 Comment(0)

Recommended topics

Hot tags