Jump to content
Sign in to follow this  
Verox

Changes to Auth requirements - Auth v3

Recommended Posts

I.E. is excluded because it does not support EventSource which is used to provide functionality on the website. There are workarounds but I do not have infinite amount of time to implement them when there are other, more pressing things to be worked on than supporting a outdated, sub-par browser that does not conform to specifications.
 
I'm not sure if people are seeing something other than what I created, but there is only one green element on the page and it's HUGE. If you're having some legitimate trouble finding it then please do contact me because I find it really hard to imagine how anyone could be having issues with this.
 

Then it says I have to log onto steam to bind my steam login to this web site?!!!

Wait, no f*ng way I'm doing that.  First off, your page parroted the warning about binding steam logins to third-party sites. And this is a third party site!!
I'm not about to bind my steam account to some place that morphs constantly and has such poor quality control this "auth change" and risk a back-hack into my pay account.

 
I'm not sure what parroted warning you're on about here, obviously you should not insert your steam log-in details in to a third party site, which you are not doing with our service. You are signing in to an official, secured, Steam website which then sends us your verified SteamID which can be further used to identify you in-game. We don't see your username or password at any point (had you actually read this thread you would have found Jaynus' post which explained this) If you want to learn more about this you can go to https://steamcommunity.com/dev. If you feel strongly enough that we are abusing this service then feel free to contact Steam support. 

 

If you have such an issue with this then you are free to bring this up with the WSOs.

Share this post


Link to post

With all due respect...

While IE is not perfect, neither are any of the other major browsers. I've read the source for a number of browsers and found all to be lacking. But the fact is that IE is a major player, your opinion of its merit should not interfere with as serious a job as the web site's security.  On the other hand, if you do wish to discuss the merits of IE vs the children of netscape ( I actually read the source for that POS ), we can take that OT to another channel.

However, using *ANY* extensions to html, especially ones not implemented universally is incredibly bad technique. Releasing such code without initial warnings, going through 2-3 revs so far and then adding word about IE incompatibility leaves me with very low confidence as to the reliability of this work. And yes, it does take some effort to get to the page with the green button, your links and that page do not directly match up in certain cases.

As per steam auth ID - the page did not directly indicate that. Nor should I have to read Jaynus' or any one else's post - the information about what is being done should be clearly stated on the web page itself or it's total shit.

Share this post


Link to post

With all due respect...

 

While IE is not perfect, neither are any of the other major browsers. I've read the source for a number of browsers and found all to be lacking. But the fact is that IE is a major player, your opinion of its merit should not interfere with as serious a job as the web site's security.  On the other hand, if you do wish to discuss the merits of IE vs the children of netscape ( I actually read the source for that POS ), we can take that OT to another channel.

 

However, using *ANY* extensions to html, especially ones not implemented universally is incredibly bad technique. Releasing such code without initial warnings, going through 2-3 revs so far and then adding word about IE incompatibility leaves me with very low confidence as to the reliability of this work. And yes, it does take some effort to get to the page with the green button, your links and that page do not directly match up in certain cases.

 

As per steam auth ID - the page did not directly indicate that. Nor should I have to read Jaynus' or any one else's post - the information about what is being done should be clearly stated on the web page itself or it's total shit.

 

Then don't use it - if you took this kind of approach to ACRE, you would never play here. IE is notoriously bad at current standards compat, and there is no problem with Verox choosing to go with the other standards-compliant browsers.

 

 

P.S. That was a bit rude to Verox, I recommend you apologize to him. He has put in much time across the board for UO, and I garuntee you his work is a bit better "than shit".

Share this post


Link to post

IE has been consistently 3 or 4 years behind other major browsers since they came on the scene. While alternatives to EventSource do exist I do not have the time to invest in implementing a feature such a little portion (8% last time I checked) of our community will use, especially when the fix is simply to use a different browser.  If we were to only use web technologies that have been universally implemented then we'd all still be stuck in 1999 with Web 1.0. http://caniuse.com/#search=EventSource

 

If you could kindly direct me to the pages which 'do not directly match up' I would be very grateful. See, URLs in Auth are built by the forum software automatically, I don't get much input other than the module and section it is directed at.

 

The webpage does tell you what is happening, in HUGE big black bold letters at the top of the steam sign in page it says "SIGN IN WITH STEAM," which should give you a general idea of what's about to happen. Then, when you get to Steam's own website, signed by Steam's EV SSL Cert, it gives you a very detailed description of what signing in will do, and what we do and don't have access to.

Share this post


Link to post

Reading the spec for this extension that caused all the hoopla - basically it saves the programmer from requesting updates from the server. In other words,

it's a shortcut for code that could be written to spec with a bit more effort.

And yes Verox, Steam does explain more. I'm not about to pull the trigger to get to that documentation. You document what your page does so users know before they click.

If I had taken the attitude that minority does not matter I could have shaved 4 weeks off the time expended to design the ruck system for ACE in ArmA2 -- and broken all the support for missions

that allowed for purchase of items. A professional coder sweats the details, tests the product before release, documents extensively, and does not talk down to the user base about problems.

If this seems rude, I've been subjected to sudden threats of being banned for hitting the wrong key, told to re-authenticate for the 2nd or 3rd time now, tried the web page in good faith, discovered that
I need to switch browsers ( I use IE for compliance testing ), tried Chrome, dug around for several minutes before finding the aforemented button, then hitting a page that may or may not have granted access

to my steam account for what covert purposes it did not say.  I'll state my view of the facts and then step off this soap box - your ego will survive somehow.

Share this post


Link to post

Reading the spec for this extension that caused all the hoopla - basically it saves the programmer from requesting updates from the server. In other words,

it's a shortcut for code that could be written to spec with a bit more effort.

 

And yes Verox, Steam does explain more. I'm not about to pull the trigger to get to that documentation. You document what your page does so users know before they click.

 

If I had taken the attitude that minority does not matter I could have shaved 4 weeks off the time expended to design the ruck system for ACE in ArmA2 -- and broken all the support for missions

that allowed for purchase of items. A professional coder sweats the details, tests the product before release, documents extensively, and does not talk down to the user base about problems.

 

If this seems rude, I've been subjected to sudden threats of being banned for hitting the wrong key, told to re-authenticate for the 2nd or 3rd time now, tried the web page in good faith, discovered that

I need to switch browsers ( I use IE for compliance testing ), tried Chrome, dug around for several minutes before finding the aforemented button, then hitting a page that may or may not have granted access

to my steam account for what covert purposes it did not say.  I'll state my view of the facts and then step off this soap box - your ego will survive somehow.

 

Sorry you feel that way. Doors over there  :ph34r:

Share this post


Link to post

Yes... in the same way XHR is a shortcut for constantly refreshing frames.

 

For the majority of users the large black text that says "Sign in with Steam" is enough, and any extra information required is presented by Steam themselves, as it should be.

 

Unfortunately I do not have infinite amounts of time to work on Auth with, between training with the Army and university. I prioritize features, and this particular feature is quite low on the list considering the extremely small percentage of people it affects, and the ease of the workaround.

 

Given your reluctance to actually provide me with a screenshot or even a link to this supposedly hidden button I will assume you're lying on this point for the sake of argument, however, I have created this handy helper for future reference.

 

 

isSgw2K.png

 

Share this post


Link to post

Hi, I may be late to this post, but I'm having the issue of not having the correct password when using the authentication v3 process while trying to log into the TS3 server. If there is any information I am missing please let me know.

Share this post


Link to post

"Validation failure. Please ensure you are still using HTTPS. 

Close this page and try again."

 

-That is the message I've been getting every time I tried to authenticate via the link in the last 24 hours.  Tried from ISP's in several cities/states and from several devices using Chrome (PC's) and Safari (Apple iPad & iPhone).
azzwort was kind enough to get me squared away when I contacted him on TS, but I couldn't read the error message to him at the time, so I wanted to post it here so that you're aware that it may still not be working for everyone.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...