How to implement Steam Auth with Firebase?

All I found was this old answer:

https://groups.google.com/forum/#!topic/firebase-talk/rApG8QQd6t4

Does a fellow SOer know any information or could a Firebase engineer provide a more detailed answer?

I am currently trying to authenticate the user with Steam using this library:

https://github.com/liamcurry/passport-steam

and then use Firebase custom tokens to get the user in my Firebase auth system.

I don't know if this is the right approach. Regardless, I am stuck.


EDIT:

Here is my current code:

app.js

var passport = require('passport');
var SteamStrategy = require('passport-steam').Strategy;

app.use(passport.initialize());

passport.serializeUser(function(user, done) {
  done(null, user);
});

passport.deserializeUser(function(obj, done) {
  done(null, obj);
});

passport.use(new SteamStrategy({
    returnURL: 'http://localhost:8080/users/steam/return',
    realm: 'http://localhost:8080/',
    apiKey: steamKey.steam,
    stateless:true
  },
  function(identifier, profile, done) {

    profile.identifier = identifier;
    return done(null, profile);
  }
));

users.js

    router.get('/steam', passport.authenticate('steam', { failureRedirect: 'login' }), function(req, res, next) {

});

router.get('/steam/return', 
  function(req, res, next) {
      req.url = req.originalUrl;
      next();
  }, 
  passport.authenticate('steam', { failureRedirect: 'users/login' }),
  function(req, res) {
    console.log(JSON.stringify(req.query));
    var oid = req.query["openid.claimed_id"];
    var array = oid.split("/id/");
    console.log("Array: "+array);
    var result = array[1];
    console.log(result);
    admin.auth().createCustomToken(result)
      .then(function(customToken) {
         res.render("users/login",{token: customToken, passed: true});
      })
      .catch(function(error) {
        console.log("Error creating custom token:", error);
      });
});

users/login.ejs:

<a href="steam"><img id="steamLogin" src="../../public/assets/steamLogin.png"/></a>
    <script>

        if ("<%=passed%>" == "true") {
            firebase.auth().signInWithCustomToken("<%=token%>").catch(function(error) {
                if (error) {
                    alert(error);
                }
                else {
                    res.redirect("screenshots/index");
                }

            });   
        }  

    </script>

My current issue is the following:

1) This works but exposes the Steam claimed ID as the public UID for the user. Is it safe to expose the user claimed ID? Does that not mean anyone could impersonate my user by using his claimed ID?

2) There is nothing under "Identifier" in my Firebase Auth dashboard. How can I specify an identifier when signing in the user?

3) In fact, what should I use as the uid when creating the custom token?

Answers:

Tags

Recent Questions

Top Questions

Home Tags Terms of Service Privacy Policy DMCA Contact Us

©2020 All rights reserved.