openid - Steam API Authentication

Question

Before I get started, let me say I know absolutely nothing about OpenID. I don't even want to do what OpenID is used for, but I imagine people will mention it, but thats not what I'm looking for.

I have software. That software requires users to provide their Steam Username when they register. They are not signing on through Steam, just providing their username so that others know their steam username. So there is no need for OpenID.

I know, I can simply just add a text field and have them list their Steam username and call it a day. However, doing this, people can input pretty much any steam username they want and be done. I would instead like to be able to confirm their usernames.

Ideally, there would be an "authenticate steam account" button. People click it, and it brings up a Steam login form. People login, and then steam returns their username (and maybe some extra data, such as their avatar). What would be the best way to do this?

Answer 1

There is a need for OpenID. That's the method that Valve uses according to their documentation.

You don't mention what your application is written in, so I can only guess that you are doing this via a web page. In that case, I recommend using the LightOpenID library. From there, this sample code should be able to get you started.

<?php
require 'includes/lightopenid/openid.php';
$_STEAMAPI = "YOURSTEAMAPIKEY";
try 
{
    $openid = new LightOpenID('http://URL.TO.REDIRECT.TO.AFTER.LOGIN/');
    if(!$openid->mode) 
    {
        if(isset($_GET['login'])) 
        {
            $openid->identity = 'http://steamcommunity.com/openid/?l=english';    // This is forcing english because it has a weird habit of selecting a random language otherwise
            header('Location: ' . $openid->authUrl());
        }
?>
<form action="?login" method="post">
    <input type="image" src="http://cdn.steamcommunity.com/public/images/signinthroughsteam/sits_small.png">
</form>
<?php
    } 
    elseif($openid->mode == 'cancel') 
    {
        echo 'User has canceled authentication!';
    } 
    else 
    {
        if($openid->validate()) 
        {
                $id = $openid->identity;
                // identity is something like: http://steamcommunity.com/openid/id/76561197960435530
                // we only care about the unique account ID at the end of the URL.
                $ptn = "/^http://steamcommunity.com/openid/id/(7[0-9]{15,25}+)$/";
                preg_match($ptn, $id, $matches);
                echo "User is logged in (steamID: $matches[1])
";

                $url = "http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=$_STEAMAPI&steamids=$matches[1]";
                $json_object= file_get_contents($url);
                $json_decoded = json_decode($json_object);

                foreach ($json_decoded->response->players as $player)
                {
                    echo "
                    <br/>Player ID: $player->steamid
                    <br/>Player Name: $player->personaname
                    <br/>Profile URL: $player->profileurl
                    <br/>SmallAvatar: <img src='$player->avatar'/> 
                    <br/>MediumAvatar: <img src='$player->avatarmedium'/> 
                    <br/>LargeAvatar: <img src='$player->avatarfull'/> 
                    ";
                }

        } 
        else 
        {
                echo "User is not logged in.
";
        }
    }
} 
catch(ErrorException $e) 
{
    echo $e->getMessage();
}
?>

Using this, it will present the user with a Steam Login ID button. When it is clicked it will redirect the user to the Steam Community login page. After they login, the user is redirect back to your page, that you set on the LightOpenID constructor. If the user has been validated, it will pull the unique player ID from the returned value. That returned value looks like http://steamcommunity.com/openid/id/76561197960435530, and you need just the 76561197960435530 part.

At this point you can query Steam to get player information. In the sample provided, the user is queried and basic player information is displayed.