Leda at 12:49, 27 May 2023

2023-05-27T12:49:16Z

Dorothée: Created page with " User authentication for apps registered in AppZone == Usage == ;URL values :`user` -- base64 encoded php serialized array :`checksum` -- sha1 hash_hmac..."

2020-07-23T09:43:46Z

Created page with " User authentication for apps registered in AppZone == Usage == ;URL values :<code>user</code> -- base64 encoded php serialized array :<code>checksum</code> -- sha1 hash_hmac..."

New page

User authentication for apps registered in AppZone
== Usage ==
;URL values
:<code>user</code> -- base64 encoded php serialized array
:<code>checksum</code> -- sha1 hash_hmac with app secret key from AppZone

Because of php serialize, checksum must be validated before user value can be safely used.<br />
A validating checksum will also give a strong guarantee that the user is who he claims to be.

Example how the response is created:
<syntaxhighlight lang="php">$userArray = [
'timestamp' => "0.9696200 1503915319",
'app_url' => 'http://...',
'id' => "1",
'char_name' => 'player',
'race' => 'tryker',
'cult' => 'neutral',
'civ' => 'neutral',
'organization' => 'marauder',
'guild_id' => '105906000',
'guild_icon' => '17',
'guild_name' => 'guild',
'grade' => 'Leader',
'lang' => 'en'
];

$user = base64_encode(serialize($userArray));
$checksum = hash_hmac('sha1', $user, $appKey);</syntaxhighlight>

<code>timestamp</code> contains microseconds and seconds when the response was created and should be checked to prevent replaying the same response multiple times.<br />
<code>app_url</code> must be checked to prevent same AppZone response to be used in other apps.

=== PHP interface ===
ryzom_app_authenticate(&$user)

This function verifies AppZone user and checksum url parameters. Uses $_GET['user'] and $_GET['checksum'] directly.<br />
Function returns boolean true if successful. $user variable will contain info from AppZone or an error message if there was an error

{| style="float:left; margin-right: 10px;padding: 0px"
|-
| <syntaxhighlight lang="php">$_SESSION['app.user']</syntaxhighlight>|| is set for future requests. PHP session is required.
|} {{clear}}
:'''Constants''' that should be defined :

::<code>RYAPI_AUTH_KEY</code>
:::secret key in AppZone
:::if empty, then user info is not verified (not recommended)
::<code>RYAPI_APP_URL</code>
:::app url in AppZone
:::if empty, then automatic best guess url is tried
:::if false, then app url is not verified
::<code>RYAPI_APP_MAXAGE</code>
:::max age in seconds for AppZone url to be valid
:::if 0, then timestamp is not verified

<syntaxhighlight lang="php"><?php
require_once "ryzomapi_lite.php";

define('RYAPI_AUTH_KEY', 'secret-key');
define('RYAPI_APP_URL', 'http://app.url/');
define('RYAPI_APP_MAXAGE', 30);

session_start();

$user = false;
if (ryzom_app_authenticate($user)) {
$charName = htmlspecialchars($user['char_name']);
echo "Hello {$charName}!";
} else {
$error = htmlspecialchars($user);
echo "Authentication failure ({$error}).";
}</syntaxhighlight>
<noinclude>[[Category:Ryzom API|AppZone]]</noinclude>

@@ Line 1: / Line 1: @@
+<noinclude>{{Trad|DE=Ryzom API/AppZone|EN=Ryzom API/AppZone|palette=api|H=1}}</noinclude>
 User authentication for apps registered in AppZone
 == Usage ==

Ryzom API/AppZone - Revision history

Leda at 12:49, 27 May 2023

Dorothée: Created page with " User authentication for apps registered in AppZone == Usage == ;URL values :user -- base64 encoded php serialized array :checksum -- sha1 hash_hmac..."

Dorothée: Created page with " User authentication for apps registered in AppZone == Usage == ;URL values :`user` -- base64 encoded php serialized array :`checksum` -- sha1 hash_hmac..."