Reputation: 261
I've done auth with google when client auth, receive token_id, send it to server and server retrieve client account info base of that token_id. It was pretty easy because it was documented. Now I try to do with Steam but literally I have 4 rows about OpenID in steam docs. I start using an openID browser lib oidc-client-js but steam docs doesn't help me. The openID lib require this fields:
Steam docs offer just the provider, key and domain name and I really don't know where to start.
Just download an OpenID library for your language and platform of choice and use http://steamcommunity.com/openid as the provider. The returned Claimed ID will contain the user's 64-bit SteamID. The Claimed ID format is: http://steamcommunity.com/openid/id/
I get CORS Header problem because I use localhost and not a secure connection and I think I need to configure additional fields in oidc-client-js:
Any help will be appreciated.
Upvotes: 7
Views: 9732
Reputation: 1027
You can use the open-source Steam OpenID Connect Provider proxy I wrote: https://github.com/byo-software/steam-openid-connect-provider
This allows you to use OpenID Connect with Steam without needing a partnership with Valve.
It is compatible with Keycloak and docker images are available as well.
Upvotes: -1
Reputation: 17
If you need OpenID Connect, it is available with the oauth endpoint.
https://steamcommunity.com/oauth/.well-known/openid-configuration
The above is returning valid JSON:
{
"issuer": "https://steamcommunity.com",
"authorization_endpoint": "https://steamcommunity.com/oauth/login",
"token_endpoint": "https://steamcommunity.com/oauth/token",
"userinfo_endpoint": "https://steamcommunity.com/oauth/userinfo",
"response_types_supported": [
"code",
"code id_token"
],
"subject_types_supported": [
"public"
],
"token_endpoint_auth_methods_supported": [
"client_secret_basic"
],
"id_token_signing_alg_values_supported": [
"HS256"
]
}
The documentation, as it exists today (2024), can be found here.
You will need to register for a partnership with Steam through partner.steamgames.com and contact them during that process to discuss your use case.
Upvotes: 0
Reputation: 183
tl;dr: Steam is not an OpenID Connect provider
I got the exact same problem.
I tried running chrome with CORS disabled to see if it would work, I got an error from oidc-client:
SyntaxError: Unexpected token < in JSON at position 0
at JSON.parse (<anonymous>)
at XMLHttpRequest.s.onload (oidc-client.min.js?3809:1)
Which is easily understandable because https://steamcommunity.com/openid/.well-known/openid-configuration looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
<XRD>
<Service priority="0">
<Type>http://specs.openid.net/auth/2.0/server</Type>
<URI>https://steamcommunity.com/openid/login</URI>
</Service>
</XRD>
</xrds:XRDS>
Which is obviously not JSON.
The URL in the Type balise redirects to http://openid.net/specs/openid-authentication-2_0.html, which can be found in the obsolete section of the OpenID specifications page.
Additionally, you can find in the OpenID Connect Discovery specification page that
OpenID Providers supporting Discovery MUST make a JSON document available at the path formed by concatenating the string /.well-known/openid-configuration to the Issuer.
Which corroborate that the .wellknown/openid-configuration file of Steam OpenID endpoint was not made for OpenID Connect.
So I think it's safe to say that Steam is stuck to OpenID 2.0 and is not an OpenID Connect provider.
Now I have to look for an OpenID 2.0 js client, or switch for Google Sign-In.
Upvotes: 13