Forums

Get data from api with oauth server tokens

Sort:
mlody87pl
mlody87pl
Show your flair!
Dec 30, 2023
0
#1

Hi,
I have a website where the user can enter his nickname from chess.com. When he does this, the website checks his played games once a day, saves it in the database and generates statistics.

I want to change the manual username entry to logging in via oauth the chess.com server. I want to make sure that the username the player provides actually belongs to him.

The server provides access tokens.

My question is: should I save tokens for each user (access and refresh token) and add them to the query for data of each user in turn when I retrieve information about their games?

Now, having their usernames, I simply download the data I need from the API without adding tokens and everything works.

Please advise.
Thanks!

chesslover0003
chesslover0003
Show your flair!
Dec 30, 2023
0
#2

I do not believe chess.com is an identity provider that would allow you to authenticate users with chess.com.

Martin_Stahl
Martin_Stahl
Moderator
Dec 30, 2023
0
#3
chesslover0003 wrote:

I do not believe chess.com is an identity provider that would allow you to authenticate users with chess.com.

https://www.chess.com/announcements/view/chess-com-oauth-login-application

chesslover0003
chesslover0003
Show your flair!
Dec 30, 2023
0
#4
Martin_Stahl wrote:
chesslover0003 wrote:

I do not believe chess.com is an identity provider that would allow you to authenticate users with chess.com.

https://www.chess.com/announcements/view/chess-com-oauth-login-application

Correction. Thanks for clarifying happy.png

Maanas_khare
Maanas_khare
Show your flair!
Dec 30, 2023
0
#5

Plz dev apply rank when seeing profile like free fire ,some collective item to interact to play chess regularly, plz you can contact e-mail 📩-->maanaskhare316@gmail.com, I can give some idea 💡 so please contact me

mlody87pl
mlody87pl
Show your flair!
Dec 30, 2023
0
#6

Thank guys but... anyone is able to answer my question? happy.png

chesslover0003
chesslover0003
Show your flair!
Dec 31, 2023
0
#7

It depends on your application and what you're trying to accomplish. It sounds like you have an app that links a user's chess.com account with your app. And you want to have some integrity that the chess.com user specified belongs to your user. The token isn't necessary for accessing the data. What if chess.com is unable to authenticate the user but data is still accessible... you will not access the data because you can no longer authenticate the user (even though they were previously authenticated)?

To me, the easiest might be a one-time authentication to verify the chess.com username belongs to your user. Why continue to authenticate if you're not using it to authenticate for access to your app? What is the risk or implication of doing this one-time? Are you worried that the user no longer has access to the chess.com account and is no longer linked (the data is always public).

If you store tokens, what is the risk of your app being compromised and those tokens being stolen and used by others?

mlody87pl
mlody87pl
Show your flair!
Dec 31, 2023
0
#8

Thank you for answer. This is what I was looking for happy.png

Youre right. One time authentication should be ok happy.png