ashakoor edited this page Aug 4, 2022 · 3 revisions

Setting up your client for OAuth

You must set your application's OAuth status to "Confidential" or "Public" on the Bungie applications page.
Pass the client ID (and client secret for Confidential clients) to the BungieClientConfig.
Your API key, tokens, client ID, and [optional] client secret must all be from the same application.

OAuth flow

  1. Send your user to the authorization page on Bungie.net.
    • The URL is https://www.bungie.net/en/OAuth/Authorize with 2-3 query parameters
      • response_type=code - this value never changes for the Bungie API
      • client_id= followed by your client ID, e.g. a client ID of 33107 would be client_id=33107
      • [Optional] state= followed by a string of characters.
        • This parameter will be handed back to you later on.
        • The state parameter is for your own purposes - use it to redirect the user back to the page they were on, perform some kind of validation, etc.
    • BungieSharper will generate the link for you in {client instance}.OAuth.GetOAuthAuthorizationUrl(...)
  2. Your user will then be prompted to log into Bungie.net and allow access to your application.
  3. Upon acceptance, the user will be redirected to the redirect page you set at Bungie.net for your application.
    • One or two query string parameters will be appended to the URL: code and, if it was set in the authorization URL, state
  4. The content of the code parameter should be sent in a token request - {client instance}.OAuth.GetOAuthToken(...)
  5. Use the access_token to authenticate your requests. The token is good for an unlimited number of requests for an hour.
  6. [Confidential clients only] The refresh_token will be sent in a refresh request ({client instance}.OAuth.RefreshOAuthToken(...)) to get a new access token and refresh token.
    • The refresh_token is good for 1 use and expires after 90 days.
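
One way to use the state parameter from step 1 for validation when the redirect in step 3 arrives. This is an added example, not BungieSharper code: OAuthStateStore, the session IDs, the 10-minute lifetime and the app.example redirect are assumptions, and the URL is built by hand rather than through GetOAuthAuthorizationUrl. It assumes .NET 6 or later and an in-memory store.

```csharp
#nullable enable
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;
using System.Web; // HttpUtility.ParseQueryString

// Constructed demo values: client ID from the example above, made-up session and redirect.
var store = new OAuthStateStore();
string url = store.BuildAuthorizationUrl("33107", "session-A");
string state = HttpUtility.ParseQueryString(new Uri(url).Query)["state"]!;
var callback = new Uri($"https://app.example/callback?code=abc123&state={state}");
Console.WriteLine(store.ConsumeCallback(callback, "session-A") ?? "rejected"); // first use
Console.WriteLine(store.ConsumeCallback(callback, "session-A") ?? "rejected"); // replay

// Hypothetical helper, not part of BungieSharper.
public sealed class OAuthStateStore
{
    private const string AuthorizeUrl = "https://www.bungie.net/en/OAuth/Authorize";
    private static readonly TimeSpan MaxAge = TimeSpan.FromMinutes(10); // assumed lifetime

    // state value -> (session it was issued to, time of issue)
    private readonly ConcurrentDictionary<string, (string SessionId, DateTimeOffset Issued)> _pending = new();

    // Step 1: create an unguessable state, remember which session asked for it, build the URL.
    public string BuildAuthorizationUrl(string clientId, string sessionId)
    {
        string state = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
        _pending[state] = (sessionId, DateTimeOffset.UtcNow);
        return $"{AuthorizeUrl}?response_type=code&client_id={Uri.EscapeDataString(clientId)}&state={state}";
    }

    // Step 3: return the code only if state was issued here, to this session, recently, and is unused.
    public string? ConsumeCallback(Uri callbackUrl, string sessionId)
    {
        var query = HttpUtility.ParseQueryString(callbackUrl.Query);
        string? code = query["code"];
        string? state = query["state"];
        if (string.IsNullOrEmpty(code) || string.IsNullOrEmpty(state)) return null;

        // TryRemove makes each state single-use, so a replayed callback is rejected.
        if (!_pending.TryRemove(state, out var entry)) return null;
        if (DateTimeOffset.UtcNow - entry.Issued > MaxAge) return null;

        bool sameSession = CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(entry.SessionId), Encoding.UTF8.GetBytes(sessionId));
        return sameSession ? code : null;
    }
}
```

Only a code returned by ConsumeCallback should be passed on to the token request in step 4.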

New auth, who dis?

Do not use User.GetMembershipDataForCurrentUser to find out who the user you got tokens for is.
Use the membership_id included with the token response - that is the membership ID for their Bungie account.
If you want their IDs for their platform accounts (e.g. Steam, Xbox, PS) use that membership ID with Destiny2.GetLinkedProfiles and the BungieNext membership type.
