Authenticate with the API using username/password?

(Alkaline Thunder) #1

I’m trying to write a multiplayer game that uses Discourse for user authentication. I want to allow players to log into the game using their Discourse by presenting them with a login form where they can enter their Discourse username and password. I then want to send these credentials to the API as well as information about the client and use this to get an API key I can use in future api calls to act on behalf of the user.

This API key is then shared with any multiplayer servers the user joins and is used by said servers to grab username, avatar, etc and other profile information, without ever needing to store or transmit a password. Is this possible?

(Jay Pfaffman) #2

You should make your app an sso client to your discourse instance.

(Alkaline Thunder) #3

How exactly would I do that? I’ve seen guides etc on how to make discourse use an external service for login/retrieving user data etc, but I’d like to make my program be the thing that’s asking for user data, not providing it.

Also, I do not want to have to store cookies or passwords, I just want to authenticate, get an api key, and provide that to any multiplayer game servers the user joins. Also, I’m using C#.

So far I was able to use Discoursistency to log the user in using a username/password, and fetch their avatar, username and fullname, which is in fact some of the data I want to give the servers access to, but I see no methods regarding api keys.

Perhaps I could grab the userid using discoursistency, and use a System.Net.WebRequest to query the admin API using a master key to generate/grab a user api key? In that case, if I revoke a key in the admin UI, how do I handle getting the player to log in again to get another key? Is there an API endpoint for checking whether an API key is valid?

(Alkaline Thunder) #4

Does anyone have any ideas for this? My searches are still coming up dry.