{"id":20177823,"url":"https://github.com/tfc/steam-login","last_synced_at":"2026-04-30T06:38:16.792Z","repository":{"id":137345051,"uuid":"547375685","full_name":"tfc/steam-login","owner":"tfc","description":"Demonstrator web app with OpenID Steam Login and JWT Cookie management","archived":false,"fork":false,"pushed_at":"2022-10-08T08:22:14.000Z","size":12,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-03T05:28:22.712Z","etag":null,"topics":["haskell","jwt","jwt-authentication","nix","openid","openid-connect","servant","servant-auth","servant-auth-server","steam","steam-api"],"latest_commit_sha":null,"homepage":"","language":"Haskell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tfc.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-10-07T15:23:44.000Z","updated_at":"2022-10-08T15:23:31.000Z","dependencies_parsed_at":"2023-04-17T00:08:19.971Z","dependency_job_id":null,"html_url":"https://github.com/tfc/steam-login","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/tfc/steam-login","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tfc%2Fsteam-login","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tfc%2Fsteam-login/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tfc%2Fsteam-login/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tfc%2Fsteam-login/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tfc","download_url":"https://codeload.github.com/tfc/steam-login/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tfc%2Fsteam-login/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259546443,"owners_count":22874564,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["haskell","jwt","jwt-authentication","nix","openid","openid-connect","servant","servant-auth","servant-auth-server","steam","steam-api"],"created_at":"2024-11-14T02:17:33.011Z","updated_at":"2026-04-30T06:38:16.766Z","avatar_url":"https://github.com/tfc.png","language":"Haskell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Steam-Login Web App Demonstrator\n\n![](https://steamcdn-a.akamaihd.net/steamcommunity/public/images/steamworks_docs/english/sits_large_noborder.png)\n\nThis repository contains a small Haskell web application that provides an\n[OpenID login](https://openid.net/connect/) via the [Steam platform](https://partner.steamgames.com/doc/features/auth).\nI created it in order to learn how OpenID + Steam + [JWT](https://jwt.io/) + Cookies work.\n\n## Implemented User Story\n\n1. User visits `/` and gets an HTTP 401 error (Unauthorized) because they are\n   not logged in.\n2. User visits `/login` and gets redirected to the Steam login page, where they\n   are asked if they really want to login to that service.\n\n   ![steam-login](https://user-images.githubusercontent.com/29044/194697519-f3f64fcb-71c4-4531-a0ef-d41fbade863a.png)\n\n3. After clicking the \"Sign in\" button, Steam redirects back to the\n   `/login-redirect` route with information about the user.\n   - The web app first needs to check this information against a trusted steam\n     server, because users could easily forge such redirects.\n   - If the information is correct, the Steam ID is extracted from it and more\n     user information is obtained via another request to the steam servers\n   - The web app then stores the Steam ID and username in a JWT cookie and sends\n     it back to the user.\n\n   ![login-redirect-hello](https://user-images.githubusercontent.com/29044/194697647-9afb5386-4c88-4732-b9ef-5315c0cd67a8.png)\n\n4. Another visit on `/` reveals that the web app now recognizes the user.\n   They are logged in!\n\n   ![logged-in](https://user-images.githubusercontent.com/29044/194697659-4262110c-e1af-427d-a6ba-9238b105b1a8.png)\n\n## How to Run the Demonstrator App\n\n1. Install [nix](https://nixos.org/download.html)\n  (You can build the app yourself via manual installation of Cabal and GHC, which is also straightforward but out of scope)\n2. Obtain a [steam web API key](https://steamcommunity.com/dev/apikey)\n3. Run\n\n   ```bash\n   nix run github:tfc/steam-login -- --steam-client-key \u003cweb client key from steam\u003e\n   ```\n\n4. Browse to `http://localhost:8000/login`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftfc%2Fsteam-login","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftfc%2Fsteam-login","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftfc%2Fsteam-login/lists"}