https://kotlinlang.org logo
Title
r

roby

04/16/2023, 11:18 PM
Sup, has there anyone implemented Steam authentication with ktor?
val url = "<https://steamcommunity.com/openid/login>?\n" +
        "openid.claimed_id=<http://specs.openid.net/auth/2.0/identifier_select&>\n" +
        "openid.identity=<http://specs.openid.net/auth/2.0/identifier_select&>\n" +
        "openid.mode=checkid_setup&\n" +
        "openid.ns=<http://specs.openid.net/auth/2.0&>\n" +
        "openid.realm=<http://localhost:8082>&\n" +
        "openid.return_to=<http://localhost:8082/callback>"

val steamOAuthServerSettings = OAuthServerSettings.OAuth2ServerSettings(
    name = "steam-oauth",
    authorizeUrl = url,
    accessTokenUrl = url,
    clientId = "xxx",
    clientSecret = "xxx",
    defaultScopes = listOf("openid"),
    requestMethod = HttpMethod.Get,
    accessTokenRequiresBasicAuth = false,
)

fun main() {
    embeddedServer(Netty, port = 8082, host = "0.0.0.0", module = Application::module)
        .start(wait = true)
}

fun Application.module() {
    install(Authentication) {
        oauth("steam-oauth") {
            client = HttpClient()
            providerLookup = { steamOAuthServerSettings }
            urlProvider = { "<http://localhost:8082/callback>" }
        }
    }

    install(Sessions) {
        cookie<String>("user_session")
    }

    routing {
        authenticate("steam-oauth") {
            get("/login") {
                // Redirects to 'authorizeUrl' automatically
            }

            get("/callback") {
                val principal: OAuthAccessTokenResponse.OAuth2? = call.principal()
                call.sessions.set("somecookie")
                println("principal state ${principal?.state}")
                call.respondRedirect("<http://localhost:8082/oi>")
            }
        }
        get("/") {
            call.respondHtml {
                body {
                    p {
                        a("/login") { +"Login with Steam" }
                    }
                }
            }
        }
        get("/{path}") {
            val userSession: String? = call.sessions.get()
            println("USER SESSH = $userSession")
            if (userSession != null) {
                call.respondText("Hello, ${userSession}!")
            } else {
                val redirectUrl = URLBuilder("<http://0.0.0.0:8082/login>").run {
                    parameters.append("redirectUrl", call.request.uri)
                    build()
                }
                call.respondRedirect(redirectUrl)
            }
        }
    }
}
This is what I'm trying but after I login I just get redirected again to the login page
a

Andrew O'Hara

04/16/2023, 11:49 PM
Steam uses OpenID, which, unlike OpenID Connect, isn't based on OAuth. OpenID is obsolete, and there aren't many decent libraries out there. I've done Steam integration in the past, and have used this component for the login and verification logic. I wasn't using Ktor, but I'm sure you can modify my adapter for Http4k. The component depends on my fork of jbufu/openid4java, which includes optimizations for serverless environments.