Skip to content

Demonstrator web app with OpenID Steam Login and JWT Cookie management

Notifications You must be signed in to change notification settings

tfc/steam-login

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Steam-Login Web App Demonstrator

This repository contains a small Haskell web application that provides an OpenID login via the Steam platform. I created it in order to learn how OpenID + Steam + JWT + Cookies work.

Implemented User Story

  1. User visits / and gets an HTTP 401 error (Unauthorized) because they are not logged in.

  2. User visits /login and gets redirected to the Steam login page, where they are asked if they really want to login to that service.

    steam-login

  3. After clicking the "Sign in" button, Steam redirects back to the /login-redirect route with information about the user.

    • The web app first needs to check this information against a trusted steam server, because users could easily forge such redirects.
    • If the information is correct, the Steam ID is extracted from it and more user information is obtained via another request to the steam servers
    • The web app then stores the Steam ID and username in a JWT cookie and sends it back to the user.

    login-redirect-hello

  4. Another visit on / reveals that the web app now recognizes the user. They are logged in!

    logged-in

How to Run the Demonstrator App

  1. Install nix (You can build the app yourself via manual installation of Cabal and GHC, which is also straightforward but out of scope)

  2. Obtain a steam web API key

  3. Run

    nix run github:tfc/steam-login -- --steam-client-key <web client key from steam>
  4. Browse to http://localhost:8000/login