24

Before I get started, let me say I know absolutely nothing about OpenID. I don't even want to do what OpenID is used for, but I imagine people will mention it, but thats not what I'm looking for.

I have software. That software requires users to provide their Steam Username when they register. They are not signing on through Steam, just providing their username so that others know their steam username. So there is no need for OpenID.

I know, I can simply just add a text field and have them list their Steam username and call it a day. However, doing this, people can input pretty much any steam username they want and be done. I would instead like to be able to confirm their usernames.

Ideally, there would be an "authenticate steam account" button. People click it, and it brings up a Steam login form. People login, and then steam returns their username (and maybe some extra data, such as their avatar). What would be the best way to do this?

Stevoisiak
  • 23,794
  • 27
  • 122
  • 225
Jason Axelrod
  • 7,155
  • 10
  • 50
  • 78

1 Answers1

42

There is a need for OpenID. That's the method that Valve uses according to their documentation.

You don't mention what your application is written in, so I can only guess that you are doing this via a web page. In that case, I recommend using the LightOpenID library. From there, this sample code should be able to get you started.

<?php
require 'includes/lightopenid/openid.php';
$_STEAMAPI = "YOURSTEAMAPIKEY";
try 
{
    $openid = new LightOpenID('http://URL.TO.REDIRECT.TO.AFTER.LOGIN/');
    if(!$openid->mode) 
    {
        if(isset($_GET['login'])) 
        {
            $openid->identity = 'http://steamcommunity.com/openid/?l=english';    // This is forcing english because it has a weird habit of selecting a random language otherwise
            header('Location: ' . $openid->authUrl());
        }
?>
<form action="?login" method="post">
    <input type="image" src="http://cdn.steamcommunity.com/public/images/signinthroughsteam/sits_small.png">
</form>
<?php
    } 
    elseif($openid->mode == 'cancel') 
    {
        echo 'User has canceled authentication!';
    } 
    else 
    {
        if($openid->validate()) 
        {
                $id = $openid->identity;
                // identity is something like: http://steamcommunity.com/openid/id/76561197960435530
                // we only care about the unique account ID at the end of the URL.
                $ptn = "/^http:\/\/steamcommunity\.com\/openid\/id\/(7[0-9]{15,25}+)$/";
                preg_match($ptn, $id, $matches);
                echo "User is logged in (steamID: $matches[1])\n";

                $url = "http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=$_STEAMAPI&steamids=$matches[1]";
                $json_object= file_get_contents($url);
                $json_decoded = json_decode($json_object);

                foreach ($json_decoded->response->players as $player)
                {
                    echo "
                    <br/>Player ID: $player->steamid
                    <br/>Player Name: $player->personaname
                    <br/>Profile URL: $player->profileurl
                    <br/>SmallAvatar: <img src='$player->avatar'/> 
                    <br/>MediumAvatar: <img src='$player->avatarmedium'/> 
                    <br/>LargeAvatar: <img src='$player->avatarfull'/> 
                    ";
                }

        } 
        else 
        {
                echo "User is not logged in.\n";
        }
    }
} 
catch(ErrorException $e) 
{
    echo $e->getMessage();
}
?>

Using this, it will present the user with a Steam Login ID button. When it is clicked it will redirect the user to the Steam Community login page. After they login, the user is redirect back to your page, that you set on the LightOpenID constructor. If the user has been validated, it will pull the unique player ID from the returned value. That returned value looks like http://steamcommunity.com/openid/id/76561197960435530, and you need just the 76561197960435530 part.

At this point you can query Steam to get player information. In the sample provided, the user is queried and basic player information is displayed.

Andy
  • 49,085
  • 60
  • 166
  • 233
  • 1
    >>Is there a way to implement openID login in android? >>If not, is there anyway to allow the user to login steam? – SID --- Choke_de_Code May 25 '15 at 10:16
  • 2
    For now this is inaccurate, "Since the OpenID protocol was obsoleted by the OpenID Foundation, this library is obsolete as well, and as such, is not mantained anymore." https://code.google.com/p/lightopenid/ – Rafael Jul 10 '15 at 14:20
  • You can download the LightOpenID library from here https://github.com/iignatov/LightOpenID – Daniels Šatcs Mar 14 '16 at 23:00