FusionAuth
Support User Session Ticket in Steam IdP instead of an access token for Device linking
Support User Session Ticket in Steam IdP instead of an access token for Device linking
Problem
When performing device linking with the Steam IdP, FusionAuth currently supports taking an access token to identify a user during a device grant.
In some cases, an access token is not available, and instead Steam provides a user session ticket. In this case, the current device linking capability does not work.
Solution
Allow the use of a session ticket or an access token to begin the device linking process.
The only thing FusionAuth needs the access_token for is to determine the user's Steam Id. We in turn use this Steam Id to request the player information using the /GetPlayerSummaries/v2/.
Because the AuthenticateUserTicket also returns the Steam Id, we should be able to swap in this API provided we have a session ticket instead of an access_token and provide the same end result.
New API parameters will be data.appId and data.sessionTicket. The Device grant will also need to handle two tokens in the scope. For example: idp-link:<steam idp id>:<steam app id>:<steam auth session ticket> in addition to the current version of idp-link:<steam idp id>:<steam user token>.
Additional context
- https://partner.steamgames.com/doc/webapi_overview/oauth#RetrieveSteamID
- https://partner.steamgames.com/doc/webapi/ISteamUserAuth#AuthenticateUserTicket
-
Returns: The user's 64-bit SteamID if the user's ticket is valid
-
- https://partner.steamgames.com/doc/webapi/ISteamUser
Community guidelines
All issues filed in this repository must abide by the FusionAuth community guidelines.
How to vote
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
