{{
`${userDetail.user.displayName}${userDetail.user.cachedBungieGlobalDisplayNameCode ? `#${standardizeBungieGlobalCode(userDetail.user.cachedBungieGlobalDisplayNameCode)}` : ""}`}}
{{getUserClans()}}
originally posted in:BungieNetPlatform
View Entire Topic
3/6/2015 9:58:23 PM
7
"Simple" authentication using PSN
Hey folks.
I've seen a lot of confusion over how to handle logging in to Destiny. Some of the solutions I've seen are kind of wrong/scary, and some of them require way too much effort or extra packages. (You do not need to simulate an entire browser to log in to Destiny.)
I took my Python code and extracted the bits that let you log in via PSN; I rewrote it as a "simple" bash script that relies on just curl and awk. Should run just about anywhere; 72 total lines and lots of comments. I'm not much of a shell scripter so it's probably not quite as clean as it could be.
In plain english, here's the sequence of events, which you should be able to do in any language that supports basic HTTP calls. The two URIs you'll need (url-encoded for convenience) are:
1. PSN_AUTHORIZE="https://auth.api.sonyentertainmentnetwork.com/2.0/oauth/authorize?response_type=code&client_id=78420c74-1fdf-4575-b43f-eb94c7d770bf&redirect_uri=https%3a%2f%2fwww.bungie.net%2fen%2fUser%2fSignIn%2fPsnid&scope=psn:s2s&request_locale=en"
2. PSN_LOGIN="https://auth.api.sonyentertainmentnetwork.com/login.do"
The HTTP sequence. Make sure you have redirects turned off - you don't need them and they make cookie handling a little more annoying:
1. GET PSN_AUTHORIZE; note the value of the "JSESSIONID" cookie.
2. POST PSN_LOGIN; make sure to pass the cookie from step 1, and send a form-encoded body: j_username with the username, j_password with the password. You'll get a new "JSESSIONID" cookie.
3. GET PSN_AUTHORIZE; pass the new cookie from step 2. You'll get redirected to something like https://www.bungie.net/en/User/SignIn/Psnid?code=000000 - let's call this BUNGIE_SIGNIN
4. GET BUNGIE_SIGNIN; note the values of cookies "bungled" and "bungleatk"
You can now make requests to the various Bungie APIs, including EquipItem!
According to my tests, you just need to pass bungled and bungleatk in as cookies, and then set the 'x-csrf' header to the value of bungled. API key appears to not always be necessary or checked.
Enjoy, guardians. My smartwatch fast item changer is almost complete. ;)
English
#Bungie
-
4 RepliesYou don't need to "act like a browser" but keeping the browser workflow identical helps to future proof you if, say, URLs or client ids change in the workflow. Is it likely to happen? Probably not, but you never know. Nice info with the cookies. I never bothered to test which ones were required.
