StormDev Logins


Description

StormDev Logins is a REST API on stormdev.org that lets your site, game or application have users log in with their StormDev account. Full documentation is available for the whole API, and a Java implementation is available for people making Android apps, JSP websites, desktop applications and more.

Features

API Documentation

Full documentation of the API is available: you can view the documentation for the REST API here, and the documentation (Javadoc) for the Java implementation is included in the download.

Using the API

Log in a user

There are two ways of doing it:
  1. Forward the user to StormDev.org, have them log in, and then have them forwarded back to you.
  2. Let users log in to StormDev.org using your own login form.

Prevent being logged out for inactivity

If StormDev thinks the account has been inactive for a while (about an hour), it is automatically logged out and the login session is no longer valid. To stop this, while the user is active, make periodic (about every 10-20 minutes) POST requests to
http://stormdev.org/auth/doActivity
with the account email and session id in the request body in JSON format. The server returns either true or false: true means that StormDev now knows the account isn't inactive, and false means that either the session id is wrong or the account has logged out. You can determine the exact reason by checking the HTTP status code. For more information, see the API Docs.

Validate the login session (Check that the user hasn't logged out)

It is a good idea to periodically check that the user's session is still valid, because it can be invalidated by many things: the user logging out, the user being considered 'inactive', and so on. Fortunately this is simple to do: make a POST request to
http://stormdev.org/auth/validateSession
with the account email and session id in the request body in JSON format. If the response from the server is 'true', the session is valid; if it is 'false', the session is invalid because either the user is not logged in or the session id is wrong. You can determine the exact reason by checking the HTTP status code. For more information, see the API Docs.

Log out a user

When the user is done, you probably don't need them to log out of StormDev, but if you do, make a POST request to
http://stormdev.org/auth/logout
with the account email and either the session id or the password in the request body in JSON format. The server returns 'true' if they were successfully logged out, or 'false' if they weren't or were already logged out. If it returns 'false', you can determine the exact reason by checking the HTTP status code. For more information, see the API Docs.

Prove that a client is logged into a valid StormDev login session to another client or a server

If you intend to use StormDev accounts in a multiplayer game or other application where you need to prove to another party that you are logged in to a valid StormDev account without simply sending the session id (as this can be used to log out, etc.), then /auth/clientDualAuth and /auth/serverDualAuth (and their Java implementation equivalents) will be useful to you. How to use them:
  1. The client makes a POST request to
    http://stormdev.org/auth/clientDualAuth
    with the account email and session id in JSON format. (For more information, see the API Docs.)
  2. StormDev then sends a response in JSON format which, if the user is correctly logged in, contains a randomly generated AuthKey that expires within a minute. (If they aren't logged in correctly, check the API Docs for the possible responses.)
  3. The client tells the other client/server the AuthKey and their email.
  4. The other client/server makes a POST request to
    http://stormdev.org/auth/serverDualAuth
    and if the response says that everything worked out OK, the other client/server can be sure that the user is indeed logged in to a valid StormDev account. The response also contains the account and session information, except the session id.
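
The four steps above as an added example (not StormDev's code and not part of the original page), showing what the verifying side should check before trusting a peer. The JSON field names (`email`, `sessionId`, `authKey`, `success`, `account`), the 200/401 status codes and the `FakeStormDev` stand-in are assumptions made so the flow runs offline; the real names are in the API Docs.

```python
import json
import secrets

AUTH_KEY_TTL = 60  # seconds; the page says the AuthKey expires within a minute

class FakeStormDev:
    """Constructed in-memory stand-in for stormdev.org (not the real server)."""
    def __init__(self, sessions, clock):
        self.sessions = sessions  # email -> session id
        self.keys = {}            # email -> (AuthKey, expiry time)
        self.clock = clock

    def post(self, path, body):
        req = json.loads(body)
        email = req.get("email", "")
        if path == "/auth/clientDualAuth":
            sid = self.sessions.get(email)
            if sid is None or not secrets.compare_digest(sid, req.get("sessionId", "")):
                return 401, json.dumps({"success": False})
            key = secrets.token_urlsafe(24)
            self.keys[email] = (key, self.clock() + AUTH_KEY_TTL)
            return 200, json.dumps({"success": True, "authKey": key})
        if path == "/auth/serverDualAuth":
            key, expiry = self.keys.get(email, ("", 0))
            if not key or self.clock() >= expiry or not secrets.compare_digest(key, req.get("authKey", "")):
                return 401, json.dumps({"success": False})
            # Account details come back, but never the session id.
            return 200, json.dumps({"success": True, "account": {"email": email}})
        return 404, json.dumps({"success": False})

def request_auth_key(post, email, session_id):
    """Steps 1-2: the logged-in client trades its session id for a short-lived AuthKey."""
    status, text = post("/auth/clientDualAuth", json.dumps({"email": email, "sessionId": session_id}))
    return json.loads(text).get("authKey") if status == 200 else None

def verify_peer(post, claimed_email, auth_key):
    """Step 4: the other party checks the AuthKey; it never sees the session id."""
    status, text = post("/auth/serverDualAuth", json.dumps({"email": claimed_email, "authKey": auth_key}))
    if status != 200:
        return None
    reply = json.loads(text)
    account = reply.get("account") or {}
    # Accept only an explicit success for the same email the peer claimed.
    if reply.get("success") is not True or account.get("email") != claimed_email:
        return None
    return account
```

Against the real service, `post` would be an HTTP POST to the endpoints listed above. The session id and the AuthKey both act as bearer secrets in the request body, so send them over TLS where the service offers it.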