引用自 EmptyHeadGuy：

引用自 Teksura：

I kind of doubt this. In your last message you were rather vocal that you didn't understand how Steam Auth worked, as you didn't know what platform you need to be logged into in order to make use of Steam Auth. Now you're making an app with something you didn't understand in your last post? Sorry, but people who develop sites that use Steam Auth generally understand at least the basics of how it works, and understand enough about cyber security to know the vulnerabilities and why it's important to never give credentials to anything other than the site you're trying to log into.

I am a developer. I'm making a game and a web app to go with it. The app stores all of the player's persistent data and needs to authenticate with Steam. How is that so difficult to understand? Oh right.... because you are not a developer.

At least I understand that if I'm trying to log into something via on my web browser then I can't make it work without logging into Steam on said web browser. How did you not understand that I wonder? Oh right, because you're just someone lying on the forums, claiming to be something you're not to cover up your own embarrassing tech illiteracy.

Honestly, it doesn't matter what titles you say you have given yourself in the past few days. You can claim to be a special forces marine with over 100 confirmed kills for all I care. It's not going to change anything. In the future, remember that those sorts of boasts are not new on the internet, and for many of us, are something of a running joke almost as old as the internet itself.

引用自 Teksura：

At least I understand that if I'm trying to log into something via on my web browser then I can't make it work without logging into Steam on said web browser. How did you not understand that I wonder? Oh right, because you're just someone lying on the forums, claiming to be something you're not to cover up your own embarrassing tech illiteracy.

Honestly, it doesn't matter what titles you say you have given yourself in the past few days. You can claim to be a special forces marine with over 100 confirmed kills for all I care. It's not going to change anything. In the future, remember that those sorts of boasts are not new on the internet, and for many of us, are something of a running joke almost as old as the internet itself.

You have to just be trolling at this point....what are you so paranoid for? What the hell are you talking about? SEEK MEDICAL ATTENTION!

I am a developer. I am making a game. I'm also making a PWA (Progress Web App) using React & Node JS hosted on GCP (Google Cloud Platform). The game engine is UE5 (Unreal Engine 5). I have auth via steam already setup on the PWA using this ---> https://www.npmjs.com/package/passport-steam so that players can have their data saved on the cloud so it can be displayed in a leaderboard format. I've also setup cloud function endpoints so that HTTP requests can be sent while in game using JSON and authenticated via their Steam ID + Access Token to read and write to the database. The problem with this method is that it doesn't have any way of checking that the user has actually purchased the game or not.

So to resolve that I have an additional in-game auth that players go through one time.

For in game auth I have an event that opens up the steam overlay browser and goes to my PWA login page. It was working fine until Steam "recently" changed things on their end regarding the login procedure. You can enter in your email and password and then it needs to do two factor authentication. Fine, users can enter in the code that is sent to their phone but now when they click submit it takes them to the next step where it asks for that steam guard code but when you open up the app on your phone it expects to scan a QR code. (There is no QR code) then when you click the button to "Show Steam Guard Code" it says "You should only need to enter a code if your phone doesn't have internet access." "Never give your code to another user or website." but this DOESN'T MAKE ANY SENSE.


WHY NOT GENERATE A QR CODE IF QR CODE IS THE NEW STANDARD?!?!?! THERE IS NO QR CODE!!!!

We're locking this thread as it has devolved into non-productive argument. Thanks for your understanding.