{{
`${userDetail.user.displayName}${userDetail.user.cachedBungieGlobalDisplayNameCode ? `#${standardizeBungieGlobalCode(userDetail.user.cachedBungieGlobalDisplayNameCode)}` : ""}`}}
{{getUserClans()}}
originally posted in:BungieNetPlatform
View Entire Topic
3/6/2015 9:58:23 PM
7
"Simple" authentication using PSN
Hey folks.
I've seen a lot of confusion over how to handle logging in to Destiny. Some of the solutions I've seen are kind of wrong/scary, and some of them require way too much effort or extra packages. (You do not need to simulate an entire browser to log in to Destiny.)
I took my Python code and extracted the bits that let you log in via PSN; I rewrote it as a "simple" bash script that relies on just curl and awk. Should run just about anywhere; 72 total lines and lots of comments. I'm not much of a shell scripter so it's probably not quite as clean as it could be.
In plain english, here's the sequence of events, which you should be able to do in any language that supports basic HTTP calls. The two URIs you'll need (url-encoded for convenience) are:
1. PSN_AUTHORIZE="https://auth.api.sonyentertainmentnetwork.com/2.0/oauth/authorize?response_type=code&client_id=78420c74-1fdf-4575-b43f-eb94c7d770bf&redirect_uri=https%3a%2f%2fwww.bungie.net%2fen%2fUser%2fSignIn%2fPsnid&scope=psn:s2s&request_locale=en"
2. PSN_LOGIN="https://auth.api.sonyentertainmentnetwork.com/login.do"
The HTTP sequence. Make sure you have redirects turned off - you don't need them and they make cookie handling a little more annoying:
1. GET PSN_AUTHORIZE; note the value of the "JSESSIONID" cookie.
2. POST PSN_LOGIN; make sure to pass the cookie from step 1, and send a form-encoded body: j_username with the username, j_password with the password. You'll get a new "JSESSIONID" cookie.
3. GET PSN_AUTHORIZE; pass the new cookie from step 2. You'll get redirected to something like https://www.bungie.net/en/User/SignIn/Psnid?code=000000 - let's call this BUNGIE_SIGNIN
4. GET BUNGIE_SIGNIN; note the values of cookies "bungled" and "bungleatk"
You can now make requests to the various Bungie APIs, including EquipItem!
According to my tests, you just need to pass bungled and bungleatk in as cookies, and then set the 'x-csrf' header to the value of bungled. API key appears to not always be necessary or checked.
Enjoy, guardians. My smartwatch fast item changer is almost complete. ;)
-
Definitely didn't mean to start a new topic...thought it was weird that it required a title for a comment. Sorry about that. Original comment: Hi abl, I'm new to working with API's and I've done a lot of reading the past couple days learning about HTTP requests and specifically the Destiny API. I am using python and httplib2 to interact with the API, and I'm wondering if I can just run this script from within python and then make authenticated requests? If it's easier to just log in to PSN using python code (which you mentioned in your post) and you don't mind sharing your python code, I would greatly appreciate it! I'm not planning on releasing any services or websites or anything like that, I'm a junior computer science major and I just love messing with stuff like this. Thanks for all of your posts across this group, they've been really helpful!
