szyku
Banned User
Hello,
I've created an authentication gateway for MTARP.co and I'd like to show this to you.
It allows app creators(by "app" I mean websites like the fledgling Blackmarket or the upcoming SocialLife thing) to implement OAuth-like "signing in" method. This works similarly to Steam's "sign in through Steam", Facebook's, etc.
Your credentials are not saved and sent using SSL(secured connection). Your account information is encrypted as well.
The owner of the site that you're trying to log into can check what characters you own and some of your main account information.
Get an API key/check documentation: https://mtarp-auth.ga
I'd like to try signing in and/or see what data is passed further: https://mtarp-auth.ga/auth/a8d55feda3ca7b358032156690bafcf2
There's a ready-to-use, small PHP library(you need mcrypt extension, it's probably already installed on your web hosting) for your convenience.
Use static methods like MTARP\Auth::verify() to see if the user has logged in successfully and MTARP\Auth::get() to get the account information.
Encrypted POST data is sent to your website, that is:
_mauth - unique key,
_mverify - unique key encrypted with your secret key - used to check the authenticity,
_mdata - account information encrypted with your secret key.
Data is encrypted using AES 256-bit(MCRYPT_RIJNDAEL_256), then encoded with Base64 for smoother HTTP communication.
With this knowledge you can easily write a library for a specific language.
Let me know what you think about this!
I hope it'll encourage some people to make their own websites/apps related to MTARP, because community is what develops this server the most.
Have fun and do not hesitate to ask me for help!
