it seems like it would be a better use to make a php script that can piggyback off of this same system.
|
oh, it uses a third party system that isn't even in place anymore.
So it's not secure, and it's not oauth, as to be oauth, byond has to be the only party involved in handling user credentials. |
It's not third-party, it's a part of BYOND's software and it works quite well. Unfortunately, DMCGI isn't really supported anymore and it does require having BYOND installed on the machine.
Basically the procedure is: - Point the client to your DMCGI webpage that has CGI/authenticate set to 1, this will force the client to login with their BYOND key on the BYOND website. - Upon logging in the BYOND website sends the client back to the DMCGI page, if successfully logged in the page will be able to access client.key (ckey, etc). - Use the login data that DMCGI knows to write a domain cookie containing the key name and some validation hashes to check against. - Utilize said cookie elsewhere. ---- For MediaWiki the process is similar except it passes data back to MediaWiki to register/utilize the account using that key-name as needed. |
Well then the documentation linked by gateway is bad.
As it says they authenticate thru a website called secure.dantom.com, and that is not byond.com. I can only go off of what info i'm given. |
In response to MrStonedOne
|
|
It's old.. Very old..
I highly doubt this request will go ahead anyway focus is on the software which is fair enough. No one serious should be relying on the player having a BYOND account anyway, they should be forcing the player to create an account in game which then forwards onto a database for use in other systems. [Edit] at least when the web client is fully utilized. |
Well, from what it seems from dmcgi, it would seem byond already has an authentication api, it's just undocumented.
I'll have to rip this apart and monitor the traffic from the client to byond, the client to dmcgi and see if i can't figure out a way to hijack off of this same system for anybody |
It uses Dream Daemon logins and a session identifier to link to those, it's not doing any more talking to BYOND than a hosted game would.
|
Look, if someone wants me/Nadrew/ATHK/someone else to write an authentication API, just ask for that. This issue seems redundant so long as DMCGI works.
I set up something like this recently whereby DreamDaemon is actually not installed on the server. It works pretty well and I'm sure I could set something up by the end of the week if there's interest. But the way I've been looking at BYOND lately is that there's a lot of complaining about features that are (barely) used. If Lummox JR spent the time to implement this feature would it really be put to use? |
In response to NullQuery
|
|
Prior to the web client, a player needed BYOND installed and the majority of the time a BYOND account, so yea 4 years ago it would've been awesome!
Now with the webclient players aren't forced into downloading software and installing it to use. Ideally like I said before, if you're serious.. You wouldn't be relying on BYOND for anything except it's software. Which Lummox is doing a bang up job with. |
In response to NullQuery
|
|
But the way I've been looking at BYOND lately is that there's a lot of complaining about features that are (barely) used. If Lummox JR spent the time to implement this feature would it really be put to use? while these kind of things typically won't be used around here, they do have the capability to convey versatility and attract more people to the website over time |
In response to GatewayRa
|
|
Right, like Gateway said.
Whilst it's true this might not be actively used, it can be used infrequently to create resources and other avenues to help create and support traffic towards BYOND. |
Idk why you're cursing.