This repository contains a small Haskell web application that provides an OpenID login via the Steam platform. I created it in order to learn how OpenID + Steam + JWT + Cookies work.
- User visits `/` and gets an HTTP 401 error (Unauthorized) because they are not logged in.
- User visits `/login` and gets redirected to the Steam login page, where they are asked if they really want to log in to that service.
- After clicking the "Sign in" button, Steam redirects back to the `/login-redirect` route with information about the user.
- The web app first needs to check this information against a trusted Steam server, because users could easily forge such redirects.
- If the information is correct, the Steam ID is extracted from it and more user information is obtained via another request to the Steam servers.
- The web app then stores the Steam ID and username in a JWT cookie and sends it back to the user.
- Another visit to `/` reveals that the web app now recognizes the user. They are logged in!
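The verification step above (checking the redirect against Steam before trusting it) and the Steam ID extraction, shown as an added Python example that is not the repository's Haskell code. It assumes the app's return URL is `http://localhost:8000/login-redirect`, builds the OpenID `check_authentication` body from the redirect's query string, and parses Steam's `key:value` reply; the sample redirect and reply are constructed for illustration.

```python
import re
from typing import Optional
from urllib.parse import parse_qs, urlencode

STEAM_OPENID_ENDPOINT = "https://steamcommunity.com/openid/login"  # Steam's OpenID provider
CLAIMED_ID_RE = re.compile(r"^https://steamcommunity\.com/openid/id/(\d{17})$")
RETURN_TO = "http://localhost:8000/login-redirect"  # assumed: the README's route


def build_check_authentication(query: str) -> dict:
    """Turn the query Steam sent to /login-redirect into the form body that
    is POSTed back to Steam; raise on anything not a plausible assertion."""
    p = {k: v[0] for k, v in parse_qs(query, strict_parsing=True).items()}
    if p.get("openid.mode") != "id_res":
        raise ValueError("not a positive assertion")
    # A forged redirect may name any op_endpoint; only trust Steam's own.
    if p.get("openid.op_endpoint") != STEAM_OPENID_ENDPOINT:
        raise ValueError("unexpected op_endpoint")
    if p.get("openid.return_to") != RETURN_TO:
        raise ValueError("return_to does not belong to this app")
    body = {k: v for k, v in p.items() if k.startswith("openid.")}
    body["openid.mode"] = "check_authentication"  # everything else is echoed
    return body


def verified_steam_id(query: str, steam_reply: str) -> Optional[str]:
    """SteamID64 from the assertion if Steam's key:value reply confirms it."""
    body = build_check_authentication(query)
    reply = dict(line.split(":", 1) for line in steam_reply.splitlines() if ":" in line)
    if reply.get("is_valid") != "true":
        return None
    m = CLAIMED_ID_RE.match(body["openid.claimed_id"])  # reject non-Steam claimed_ids
    return m.group(1) if m else None


# Constructed sample: the fields a real redirect carries, with an illustrative ID.
SAMPLE_ID = "https://steamcommunity.com/openid/id/76561197960287930"
SAMPLE_QUERY = urlencode({
    "openid.ns": "http://specs.openid.net/auth/2.0", "openid.mode": "id_res",
    "openid.op_endpoint": STEAM_OPENID_ENDPOINT, "openid.return_to": RETURN_TO,
    "openid.claimed_id": SAMPLE_ID, "openid.identity": SAMPLE_ID,
    "openid.response_nonce": "2024-01-01T00:00:00Zabc", "openid.assoc_handle": "123",
    "openid.signed": "signed,op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle",
    "openid.sig": "c2FtcGxlc2ln",
})
VALID_REPLY = "ns:http://specs.openid.net/auth/2.0\nis_valid:true\n"

if __name__ == "__main__":
    print(verified_steam_id(SAMPLE_QUERY, VALID_REPLY))  # 76561197960287930
```

In the real app the body from `build_check_authentication` is POSTed to `STEAM_OPENID_ENDPOINT` and the HTTP response text is what `verified_steam_id` receives as `steam_reply`.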
- Install nix (you can build the app yourself via manual installation of Cabal and GHC, which is also straightforward but out of scope).
- Obtain a Steam web API key.
- Run `nix run github:tfc/steam-login -- --steam-client-key <web client key from steam>`
- Browse to `http://localhost:8000/login`