Passing state to steam & back

Question

Passing state to steam & back

Opened this issue 4 years ago · 4 comments

I have been trying for a few days to get passport-steam to pass a state object to steam, which I need to receive with the return_url.

Can you verify this works, and potentially point me in the right direction for how to pull it off?

Thank you so much!

Answer 1 · 2021-01-07T04:57:57.000Z

Were you able to find a way?

Answer 2 · 2021-03-31T15:51:36.000Z

I'm interested in the same feature. Does anyone know if this is available in any form?

Answer 3 · 2022-02-24T17:33:01.000Z

I'm interested in the same thing! Steam Auth is essentially useless for me this way because I don't know which user's Steam data I got, please implement this or tell us how to do this!

Answer 4 · 2024-03-24T01:57:10.000Z

Steam with openid doesn't include any state which means it's stateless and because of that we don't get the passed state back with the returnUrl.

Instead we get a generated nonce by openid. I'm not sure how can we use this nonce to prevent replay attacks and verify users etc. But I know it's not possible to send a state with Steam.

I think there should be a way to verify that nonce which also includes a timestamp that you can use to verify users but it's not a very good option because you will only get hour, min and sec nothing more (with day month and year ofc). I'm still in research to find a way to pass a state or find a way to somehow verify it.