JavaScript is required to use Bungie.net

#Bungie

originally posted in:BungieNetPlatform
3/6/2015 9:58:23 PM
7

"Simple" authentication using PSN

Hey folks. I've seen a lot of confusion over how to handle logging in to Destiny. Some of the solutions I've seen are kind of wrong/scary, and some of them require way too much effort or extra packages. (You do not need to simulate an entire browser to log in to Destiny.) I took my Python code and extracted the bits that let you log in via PSN; I rewrote it as a "simple" bash script that relies on just curl and awk. Should run just about anywhere; 72 total lines and lots of comments. I'm not much of a shell scripter so it's probably not quite as clean as it could be. In plain english, here's the sequence of events, which you should be able to do in any language that supports basic HTTP calls. The two URIs you'll need (url-encoded for convenience) are: 1. PSN_AUTHORIZE="https://auth.api.sonyentertainmentnetwork.com/2.0/oauth/authorize?response_type=code&client_id=78420c74-1fdf-4575-b43f-eb94c7d770bf&redirect_uri=https%3a%2f%2fwww.bungie.net%2fen%2fUser%2fSignIn%2fPsnid&scope=psn:s2s&request_locale=en" 2. PSN_LOGIN="https://auth.api.sonyentertainmentnetwork.com/login.do" The HTTP sequence. Make sure you have redirects turned off - you don't need them and they make cookie handling a little more annoying: 1. GET PSN_AUTHORIZE; note the value of the "JSESSIONID" cookie. 2. POST PSN_LOGIN; make sure to pass the cookie from step 1, and send a form-encoded body: j_username with the username, j_password with the password. You'll get a new "JSESSIONID" cookie. 3. GET PSN_AUTHORIZE; pass the new cookie from step 2. You'll get redirected to something like https://www.bungie.net/en/User/SignIn/Psnid?code=000000 - let's call this BUNGIE_SIGNIN 4. GET BUNGIE_SIGNIN; note the values of cookies "bungled" and "bungleatk" You can now make requests to the various Bungie APIs, including EquipItem! According to my tests, you just need to pass bungled and bungleatk in as cookies, and then set the 'x-csrf' header to the value of bungled. API key appears to not always be necessary or checked. Enjoy, guardians. My smartwatch fast item changer is almost complete. ;)
English
#Bungie

Posting in language:

 

Play nice. Take a minute to review our Code of Conduct before submitting your post. Cancel Edit Create Fireteam Post

View Entire Topic
You are not allowed to view this content.
;
preload icon
preload icon
preload icon