{{
`${userDetail.user.displayName}${userDetail.user.cachedBungieGlobalDisplayNameCode ? `#${standardizeBungieGlobalCode(userDetail.user.cachedBungieGlobalDisplayNameCode)}` : ""}`}}
{{getUserClans()}}
originally posted in:BungieNetPlatform
View Entire Topic
3/6/2015 9:58:23 PM
7
"Simple" authentication using PSN
Hey folks.
I've seen a lot of confusion over how to handle logging in to Destiny. Some of the solutions I've seen are kind of wrong/scary, and some of them require way too much effort or extra packages. (You do not need to simulate an entire browser to log in to Destiny.)
I took my Python code and extracted the bits that let you log in via PSN; I rewrote it as a "simple" bash script that relies on just curl and awk. Should run just about anywhere; 72 total lines and lots of comments. I'm not much of a shell scripter so it's probably not quite as clean as it could be.
In plain english, here's the sequence of events, which you should be able to do in any language that supports basic HTTP calls. The two URIs you'll need (url-encoded for convenience) are:
1. PSN_AUTHORIZE="https://auth.api.sonyentertainmentnetwork.com/2.0/oauth/authorize?response_type=code&client_id=78420c74-1fdf-4575-b43f-eb94c7d770bf&redirect_uri=https%3a%2f%2fwww.bungie.net%2fen%2fUser%2fSignIn%2fPsnid&scope=psn:s2s&request_locale=en"
2. PSN_LOGIN="https://auth.api.sonyentertainmentnetwork.com/login.do"
The HTTP sequence. Make sure you have redirects turned off - you don't need them and they make cookie handling a little more annoying:
1. GET PSN_AUTHORIZE; note the value of the "JSESSIONID" cookie.
2. POST PSN_LOGIN; make sure to pass the cookie from step 1, and send a form-encoded body: j_username with the username, j_password with the password. You'll get a new "JSESSIONID" cookie.
3. GET PSN_AUTHORIZE; pass the new cookie from step 2. You'll get redirected to something like https://www.bungie.net/en/User/SignIn/Psnid?code=000000 - let's call this BUNGIE_SIGNIN
4. GET BUNGIE_SIGNIN; note the values of cookies "bungled" and "bungleatk"
You can now make requests to the various Bungie APIs, including EquipItem!
According to my tests, you just need to pass bungled and bungleatk in as cookies, and then set the 'x-csrf' header to the value of bungled. API key appears to not always be necessary or checked.
Enjoy, guardians. My smartwatch fast item changer is almost complete. ;)
English
#Bungie
-
2 RepliesI'm not very good with curl but I tried to use your strategy.. everything works fine until the redirect to bungie.net.. It doesnt redirect my to bungie.net in the third step if run PSN_AUTHORIZE. Probably I do something wrong or I miss something I also tried it with CURLOPT_FOLLOWLOCATION. Here my code snippet: http://pastebin.com/YJtJefBK I hope someone can help me Thanks Sorry for my bad english, I hope you understand it ;-)
