
Steam login in .net 7


I'm implementing login via Steam on my website (in C# .NET 7), but the login works strangely. I'm calling the login URL, which redirects me to my website's callback endpoint, and there I'm verifying the login (another API call to Steam), and sometimes I get a successful login and sometimes not. What could I be doing wrong?

For login I'm calling url:

https://steamcommunity.com/openid/login?openid.ns=http://specs.openid.net/auth/2.0&openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select&openid.identity=http://specs.openid.net/auth/2.0/identifier_select&openid.return_to=[MY_RETURN_URL]&openid.mode=checkid_setup

And for verifying login I'm calling url:

https://steamcommunity.com/openid/login - in this URL I add all query parameters which were returned in the 1st API call and change openid.mode to check_authentication

So my final verify URL looks like this:

https://steamcommunity.com/openid/login?&openid.ns=http://specs.openid.net/auth/2.0&openid.mode=check_authentication&openid.op_endpoint=https://steamcommunity.com/openid/login&openid.claimed_id=https://steamcommunity.com/openid/id/76561198143838088&openid.identity=https://steamcommunity.com/openid/id/76561198143838088&openid.return_to=https://localhost:7195/steam/login/callback&openid.response_nonce=2023-07-05T07:32:55Z7xf9ZFE9SEUddG9kWkJ3aW28tqg=&openid.assoc_handle=1234567890&openid.signed=signed,op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle&openid.sig=GTb4rBrP6jqQjFNpk4Z1pktBa1I=

I built the URLs based on this issue: Steam OpenID Signature Validation, but as I mentioned, it works really strangely (sometimes yes, sometimes no).

Any ideas what I'm doing wrong?


Solution

  • OK, so the problem was in the HTTP request method. I was sending it as HttpGet, but it has to be sent as HttpPost. So I fixed it like this:

    var payload = new Dictionary<string, string>();
    
    foreach (var param in _httpContextAccessor.HttpContext.Request.Query)
    {
        // Echo every callback parameter back unchanged, except openid.mode.
        payload.Add(param.Key, param.Key == "openid.mode" ? "check_authentication" : param.Value.ToString());
    }
    
    using var request = new HttpRequestMessage(HttpMethod.Post, "https://steamcommunity.com/openid/login")
    {
        Content = new FormUrlEncodedContent(payload!)
    };
    
    using var response = await _httpClient.SendAsync(request, HttpCompletionOption.ResponseHeadersRead, cancellationToken);
    if (!response.IsSuccessStatusCode)
    {
        return false;
    }
    
    var parameters = new Dictionary<string, string>(StringComparer.Ordinal);
    using (var stream = await response.Content.ReadAsStreamAsync(cancellationToken))
    using (var reader = new StreamReader(stream))
    {
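        for (var line = await reader.ReadLineAsync(cancellationToken); line != null; line = await reader.ReadLineAsync(cancellationToken))
        {
            // The response is key:value lines; split on the first ':' only, since values may contain colons.
            var parameter = line.Split(':', 2);
            if (parameter.Length != 2)
                continue;

            parameters[parameter[0]] = parameter[1];
        }
    }

    // A missing is_valid line counts as a failed verification instead of throwing.
    return parameters.TryGetValue("is_valid", out var isValid)
        && string.Equals(isValid, "true", StringComparison.Ordinal);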
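
An added example, not part of the original answer: `is_valid:true` only confirms that Steam signed the parameters, so the callback should also check what was signed before trusting `openid.claimed_id`. The class and method names are hypothetical, and the 17-digit ID pattern is an assumption based on the claimed_id shown in the question.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;

// Hypothetical helper (name and shape are assumptions, not from the answer above).
public static class SteamOpenIdAssertion
{
    private const string Endpoint = "https://steamcommunity.com/openid/login";
    private const string Ns = "http://specs.openid.net/auth/2.0";

    // Anchored match: nothing may precede or follow the Steam identity URL.
    private static readonly Regex ClaimedId = new(
        @"\Ahttps://steamcommunity\.com/openid/id/([0-9]{17})\z", RegexOptions.CultureInvariant);

    // Fields the signature has to cover for the identity to be trustworthy.
    private static readonly string[] MustBeSigned =
        { "op_endpoint", "claimed_id", "identity", "return_to", "response_nonce", "assoc_handle" };

    // query: the callback query string as key/value pairs.
    // expectedReturnTo: the exact return_to this site sent in the login URL.
    public static bool TryGetSteamId(IReadOnlyDictionary<string, string> query,
                                     string expectedReturnTo, out string steamId)
    {
        steamId = "";
        string Get(string key) => query.TryGetValue("openid." + key, out var v) ? v : "";

        if (Get("ns") != Ns || Get("mode") != "id_res") return false;
        if (Get("op_endpoint") != Endpoint) return false;
        if (Get("return_to") != expectedReturnTo) return false;

        var match = ClaimedId.Match(Get("claimed_id"));
        if (!match.Success || Get("identity") != Get("claimed_id")) return false;

        // Reject assertions where any identity-bearing field is left unsigned.
        var signed = Get("signed").Split(',', StringSplitOptions.RemoveEmptyEntries);
        if (MustBeSigned.Except(signed, StringComparer.Ordinal).Any()) return false;

        steamId = match.Groups[1].Value;
        return true;
    }
}
```

Run it on the callback query before the `check_authentication` POST, and sign the user in only when both succeed.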