You're right, this does work! Sort of. DotNetOpenAuth will reject it with default security settings, but it's possible to work around it.
(If anyone else is trying to implement this with DotNetOpenAuth, you need to set OpenIdRelyingParty.SecuritySettings.AllowDualPurposeIdentifiers to "true".) Thanks for pointing this stuff out, anyway! It'll save a bunch of effort for everyone. --- Dave Kellaway On 22 March 2010 21:25, AzuiSleet <[email protected]> wrote: > Their OpenID provider works just fine, I promise! Here's my page to test it: > http://heronforce2.heronirc.net/ > > And the source.. http://heronforce2.heronirc.net/src.7z > > If you want to get it to work you need: Pear base, Pear DB, Curl, > php_pdo, php_pdo_sqlite, php_curl. Their server doesn't have any > particular extensions to the specification so you're stuck parsing the > public profile. > > On Mon, Mar 22, 2010 at 1:26 PM, Harry Jeffery > <[email protected]> wrote: >> It would have to be a callback validation approach from an official >> valve website. Like how paypal is used as a payment gateway on many >> commercial websites. >> >> On 22 March 2010 13:42, Jonas 'Sortie' Termansen <[email protected]> wrote: >>> I am very interested in this. >>> >>> In theory the users of my (alpha-state) digital distribution platform would >>> be able to validate their accounts, which would make it more secure for my >>> systems (previously I just scanned the working dir for the username). But >>> would it be more secure for the users? Say I have a website where people >>> have to login with their account, how can they be sure I do not receive the >>> password, but only Valve does? If Valve makes this system public, wouldn't >>> that mean more people would enter their password on fake websites? Or >>> perhaps the user is required yo enter the password on a valve site, which >>> is more secure. >>> >>> If anyone has more information on this, I would like to know. :-) >>> >>> ----- Original meddelelse ----- >>>> Valve is currently using Steam login shizzle on a new site which >>>> they're testing in closed beta (external from Steamcommunity.com ) :) >>>> >>>> -ScarT >>>> >>>> 2010/3/22, David Kraeutmann <[email protected]>: >>>> > It was never fully implemented. >>>> > https://steamcommunity.com/openid/login returns main page. >>>> > >>>> > On Mon, Mar 22, 2010 at 12:44 AM, David Kellaway >>>> > <[email protected]> wrote: >>>> > > It's a real shame the OpenID provider doesn't work properly >>>> > > (DotNetOpenAuth rejects it because it's not fully compliant with the >>>> > > spec somehow). It'd be much less of a pain than making peoples' >>>> > > profiles public, editing them, and digging through the horrible XML >>>> > > feed. >>>> > > >>>> > > Is there anyone at Valve who'd know more about this? >>>> > > >>>> > > --- >>>> > > Dave Kellaway >>>> > > >>>> > > >>>> > > On 21 March 2010 23:06, Stephen Swires <[email protected]> >>>> > > wrote: >>>> > > > I tried logging into Stack Overflow with that as the OID provider, >>>> > > > but it >>>> > > > wouldn't work. It'd be very cool if it did. >>>> > > > >>>> > > > On Sun, Mar 21, 2010 at 9:43 PM, Saul Rennison >>>> > > > <[email protected]>wrote: >>>> > > > >>>> > > > > Even better, I bet you could just use: >>>> > > > > http://steamcommunity.com/openid/ >>>> > > > > >>>> > > > > Thanks, >>>> > > > > - Saul. >>>> > > > > >>>> > > > > >>>> > > > > On 21 March 2010 12:32, Garry Newman <[email protected]> wrote: >>>> > > > > >>>> > > > > > Thanks, this is what I ended up doing. It's working great right >>>> > > > > > now. >>>> > > > > > >>>> > > > > > garry >>>> > > > > > >>>> > > > > > On Sun, Mar 21, 2010 at 12:12 PM, Harry Jeffery >>>> > > > > > <[email protected]> wrote: >>>> > > > > > > Prehaps try linking an account on your website to a steam >>>> > > > > > > account. >>>> > > > > > > >>>> > > > > > > For example: >>>> > > > > > > >>>> > > > > > > To verify that they own an account with gmod on it ask them to >>>> > > > > > > put a >>>> > > > > > > small code/id in their steam community profile about-me section >>>> > > > > > > temporarily. Then you can have your website check it's >>>> > > > > > > existence by >>>> > > > > > > parsing the user's profile in xml: >>>> > > > > > > >>>> > > > > > > http://steamcommunity.com/id/profilename/?xml=1 >>>> > > > > > > >>>> > > > > > > If it exists you can then check if their account posesses the >>>> > > > > > > game: >>>> > > > > > > >>>> > > > > > > http://steamcommunity.com/id/profilename/games/?xml=1 >>>> > > > > > > >>>> > > > > > > Of course they would have to temporarily set their profile to >>>> > > > > > > public >>>> > > > > > > for this to work. Just make it a one off thing and you should >>>> > > > > > > have a >>>> > > > > > > pretty good way of verifying that the user owns a copy of gmod >>>> > > > > > > legitimately. >>>> > > > > > > >>>> > > > > > > On 21 March 2010 08:45, Garry Newman <[email protected]> >>>> > > > > > > wrote: >>>> > > > > > > > Is there any way that another website can verify a steam >>>> > > > > > > > login? >>>> > > > > > > > >>>> > > > > > > > I'm quite keen to make one of my websites check whether a >>>> > > > > > > > user owns >>>> > > > > > > > GMod before letting them download files (because at the >>>> > > > > > > > moment in >>>> > > > > > > > the >>>> > > > > > > > comments there's a lot of "does this work on non-steam" - >>>> > > > > > > > and I >>>> > > > > > > > don't >>>> > > > > > > > want to pay to let them download stuff). >>>> > > > > > > > >>>> > > > > > > > I'm sure I could manually post to the steam login form and >>>> > > > > > > > see if >>>> > > > > > > > it >>>> > > > > > > > succeeds - but I'm guessing that if it doesn't, it will >>>> > > > > > > > eventually >>>> > > > > > > > ban >>>> > > > > > > > my web server's IP. >>>> > > > > > > > >>>> > > > > > > > Anyone got any ideas, anyone already done something similar? >>>> > > > > > > > >>>> > > > > > > > garry >>>> > > > > > > > >>>> > > > > > > > _______________________________________________ >>>> > > > > > > > To unsubscribe, edit your list preferences, or view the list >>>> > > > > > > > archives, >>>> > > > > > please visit: >>>> > > > > > > > http://list.valvesoftware.com/mailman/listinfo/hlcoders >>>> > > > > > > > >>>> > > > > > > > >>>> > > > > > > >>>> > > > > > > _______________________________________________ >>>> > > > > > > To unsubscribe, edit your list preferences, or view the list >>>> > > > > > > archives, >>>> > > > > > please visit: >>>> > > > > > > http://list.valvesoftware.com/mailman/listinfo/hlcoders >>>> > > > > > > >>>> > > > > > > >>>> > > > > > >>>> > > > > > _______________________________________________ >>>> > > > > > To unsubscribe, edit your list preferences, or view the list >>>> > > > > > archives, >>>> > > > > > please visit: >>>> > > > > > http://list.valvesoftware.com/mailman/listinfo/hlcoders >>>> > > > > > >>>> > > > > > >>>> > > > > _______________________________________________ >>>> > > > > To unsubscribe, edit your list preferences, or view the list >>>> > > > > archives, >>>> > > > > please visit: >>>> > > > > http://list.valvesoftware.com/mailman/listinfo/hlcoders >>>> > > > > >>>> > > > > >>>> > > > >>>> > > > >>>> > > > -- >>>> > > > - Stephen Swires >>>> > > > _______________________________________________ >>>> > > > To unsubscribe, edit your list preferences, or view the list >>>> > > > archives, >>>> > > > please visit: >>>> > > > http://list.valvesoftware.com/mailman/listinfo/hlcoders >>>> > > > >>>> > > > >>>> > > >>>> > > _______________________________________________ >>>> > > To unsubscribe, edit your list preferences, or view the list archives, >>>> > > please visit: >>>> > > http://list.valvesoftware.com/mailman/listinfo/hlcoders >>>> > > >>>> > > >>>> > >>>> > _______________________________________________ >>>> > To unsubscribe, edit your list preferences, or view the list archives, >>>> > please visit: >>>> > http://list.valvesoftware.com/mailman/listinfo/hlcoders >>>> > >>>> > >>>> >>>> -- >>>> Sendt fra min mobile enhed >>>> >>>> >>>> /ScarT >>>> >>>> _______________________________________________ >>>> To unsubscribe, edit your list preferences, or view the list archives, >>>> please >>>> visit: http://list.valvesoftware.com/mailman/listinfo/hlcoders >>> >>> _______________________________________________ >>> To unsubscribe, edit your list preferences, or view the list archives, >>> please visit: >>> http://list.valvesoftware.com/mailman/listinfo/hlcoders >>> >>> >> >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlcoders >> >> > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlcoders > > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlcoders
