Investigate moving away from web api nonce tokens
JustArchi opened this issue · comments
Checklist
- I read and understood ASF's Contributing guidelines
- I also read Setting-up and FAQ, I don't need help, this is an enhancement idea
- My idea doesn't duplicate existing ASF functionality described on the wiki
- I believe that my idea falls into ASF's scope and should be offered as part of ASF built-in functionality
- My idea doesn't violate the Steam Subscriber Agreement
- My idea doesn't violate the Steam Online Conduct
- This is not ASF-ui suggestion
Enhancement purpose
#3029 suggests that sooner or later web api nonce tokens will stop working, and rather sooner than later. We should move away from them and try to utilize access tokens from new login flow, which fortunately we've already managed to implement.
Solution
Find out method responsible for refreshing/getting new access token. Hint goes for CAuthentication_AccessToken_GenerateForApp_Request
, then:
- We store access token and its validity
- Once it expires or we get denied, we ask for new one based on refresh token
- If above fails, we do full relog procedure as it means refresh token is dead as well
This all replaces functionality in ArchiWebHandler.Init()
, since access token acts the same as steamLoginSecure
.
Why currently available solutions are not sufficient?
Because there is a chance ASF will break in a way that will be much harder to fix than #3029.
Can you help us with this enhancement idea?
Yes, I can code the solution myself and send a pull request
Additional info
Thanks @xPaw
Hello @JustArchi, valve already did it. RequestWebAPIUserNonce - WebApi authorization is not works anymore. Guess this theme needs to be moved to High priority...
Closed since it's no longer relevant as the fix is mandatory now: #3043