{{
`${userDetail.user.displayName}${userDetail.user.cachedBungieGlobalDisplayNameCode ? `#${standardizeBungieGlobalCode(userDetail.user.cachedBungieGlobalDisplayNameCode)}` : ""}`}}
{{getUserClans()}}
originally posted in:BungieNetPlatform
11/5/2015 10:21:09 AM
4
Users hate our app because we HAVE to take their PSN/Xbox details
The number one source of complaints and worries with mobile apps is users complaining they have to enter their Microsoft or PSN username and password into an app before it can access the private Destiny API. They are quite right to be worried as those credentials give access to credit card based services, private email and highly valuable game libraries with related data.
I doubt any of us want to touch these details, but we have no choice. There is no genuine Oauth or other way to authenticate our apps to get the Bungie account details and access the full API. Can you give us a heads up on if you have any plans to address this?
-
1 ReplyWell I have been using the app for over a year without any issue that you are speaking of. I have never heard of anyone having a problem. I am sure bungie would give you access without logging into those accounts if it were possible I will take the risk and if I get burned I will never use the app again. I don't think 3rd party apps are even able to access the purchasing side of psn/Xbox. So this could be a pointless worry.
-
1 ReplyEven thou technically if they are entering the credentials into a website you could get them from there, you shouldn't be asking them to enter credentials in custom login pages, use the official Microsoft and PlayStation pages and that should be enough for users.
-
An official sony/mircosoft login page pops up for me when I want to login to the app.
-
6 RepliesYou're preaching to the choir my friend xP I've definitely run into this issue myself and can very much relate. Currently there is no workaround so far as I can tell other than only using public endpoints (note more and more things are becoming public). I imagine the issue is that in order to prevent malicious third parties from trolling the snot out of you (like constantly moving items from your inventory to your vault while you're playing, etc etc) you need to be logged in to do certain things to prevent stuff like that from happening. Like you said an OAuth would be fantastic, but currently that's not a thing unfortunately.
