Guild Wars 2

What is the difference between the account ID and account name?

I’m completely new to Oauth, so bear with me here.. I’ve read https://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified as a simple introduction, and from what I can see it – at least for this app – requires a web server to get the callback, right?

Is there a way for a native app, like a command line script, to get a token for an account?

Also for mobile apps, it’s standard to give a redirect / response URL that’s handled internally by the app (both iOS and Android SDKs allow you to control a WebView and see any URL’s attempted to navigate to).

In this case you’d grab the response URL and send the data to your own code instead of a web server…so you don’t specifically NEED a webserver, just a web view that enables you to handle the response.

I’m putting together a .NET (C#) example…it’s not nearly as compact as a node or go example, but whatever :P

A C# example of using a temporary token to get account information:

https://github.com/Remfin/GuildWars2.API.Authenticated.Samples

The real code is in one file:

https://github.com/Remfin/GuildWars2.API.Authenticated.Samples/blob/master/GuildWars2.Samples.Account/GuildWars2.Samples.Account/Controllers/HomeController.cs

Obviously not even remotely production-ready, but at the end of the callback method I now know that the browser I’m talking to is that person, and I could (kind of) use it authenticate users into my website without having to have my own user/pass system.

Remfin.4892:

but at the end of the callback method I now know that the browser I’m talking to is that person, and I could (kind of) use it authenticate users into my website without having to have my own user/pass system.

That’s basically what the “Login with Google/Facebook/Twitter” button on many websites does.

Btw. for PHP users: https://code.google.com/p/simple-php-oauth/

class GuildWars2 extends SimpleOauth{
	protected $_prefix = 'guildwars2';
	protected $_authorize_url = 'https://account.guildwars2.com/oauth2/authorization';
	protected $_access_token_url = 'https://account.guildwars2.com/oauth2/token';
	protected $_scope = ['account', 'offline'];

	protected function authorize(array $scope = [], $scope_separator = '+', $attach = null){
		parent::authorize($scope, $scope_separator, '&response_type=code');
	}

	protected function requestAccessToken(
		$method = 'GET', 
		array $params = ['grant_type' => 'authorization_code'], 
		$returnType = 'json', 
		array $values = ['access_token', 'token_type', 'scope', 'refresh_token']
	){
		parent::requestAccessToken($method, $params, $returnType, $values);
	}

}

€: https://gist.github.com/codemasher/89a909626724d929fd04

This is awesome! Thank you for the hard work, this will be very useful for my website!
I’ll get this up and running to show it off as soon as my hosting gets cleared!

aham, I understand nothing of this.

thankyouthankyouthankyouthankyouthankyouthankyouthankyouthankyou
:-)

It’s great to see what awesome things you guys have been making! Can’t wait to start using this. Keep up the great work

Lawton Campbell.8517:

OAuth2 is more-or-less designed for web applications.

If there’s a lot of demand for native applications we can look into adding EVE-style API keys (wherein the user can generate a long-lived token via the account site and copy-paste it into your application), but for now just assume that you need a webserver.

Also, unrelated, I pushed my example Go application to the Github repo.

I’d love to see EVE style API keys (seriously EVE probably has the best game API out there).
Since we from GW2.NET develop towards both ends (i.e. Web and Desktop) we are in need of something which does not need a callback server. Building towards only one end is in my eyes a bit narrow minded and we would like to see support for API-Keys.

I really think the demand is there. If we look at the wrapper section in the wiki we can see that a good portion of them are written in languages mainly used for desktop applications. The list of applications looks a bit different, still a good portion of desktop stlye applications. However I think most of these applications will use one of the previously listed wrappers, especially if it gets to complicated things like authentication, since this makes everything a lot easier.

@Pat & Lawton
maybe you want to change the information description for users?
I know.. this is bleeding edge, but maybe you want to keep this in mind during release:

Currently a user will be asked if the application is allowed to see some “general account information”.
As good as I know my ppl from Germany (maybe this isn’t a German-thing after all?) they care about what this general information may be.

If the application is only able to see the name of the account and its world just tell the user or give him/ her examples. The “general information” is too generic and maybe understood as realname, address information, ..

Cheers,
Chaly

@Pat Cavit @Lawton Campbell

You guys just made my day, I’ve been waiting for this one.

I assume this in the future this will allow us to retrieve information like Achievement points,
and account characters from the /v2/characters endpoint?

for the last year I have been developing a custom CMS dedicated exclusively to Guild Wars 2, so you can see how this integration is an awesome news for me ( even bigger than the expansion)

The API is fully integrated on the system, its used from simple item views to fully track the user investments on TP

This is the cherry on the top of CMS, I really believe this will make our users really happy.

Guys, again you have made my day.

Hey, first of all, I’m super hyped with this, cause if we get more API’s there are super cool things to do with it, I can’t wait to see that things^^

BUT are you serious, Anet? That formatting isn’t funny at all -.-

Need some help for this error. Is there anything I am missing?

https://account.guildwars2.com/oauth2/token?grant_type=authorization_code&redirect_uri=http://localhost:8080/oauth2/callback&client_id=gw2_api_demo&client_secret=0357A930-2126-4C87-A006-5AB470298ADA&code=[INSERT-CODE-HERE]

{
error: "internal_error",
error_description: "49:1014:8008:353"
}

So here’s a working PHP example: https://gist.github.com/codemasher/89a909626724d929fd04

BugsBanni.1397:

BUT are you serious, Anet? That formatting isn’t funny at all -.-

Most of the account site isn’t compatible at a resolution less than 800px width.
You may want to take a look at https://account.guildwars2.com/account/security having the same issue as you mentioned above.

Nobody ever had a problem with the account website on mobile devices. This may change when ppl start using authorized apps on their phones or tablets.
Anyway, I don’t think this is a critical bug, it’s just ..erm..

Instead I really care about the “general account data” information because of my overcautious countrymen in the EU as mentioned above. Even if this one seems to be a cosmetic issue too.

smiley.1438:

So here’s a working PHP example: https://gist.github.com/codemasher/89a909626724d929fd04

I also used SimpleOpenAuth ,if we’d just already can register apps..

Lawton Campbell.8517:

Pat Cavit.9234:

Khisanth.2948:

What is the difference between the account ID and account name?

ID is a GUID, Name is a string like the one you can enter into the contacts list in-game.

Name is also what’s displayed on the forums.

In that case I suggest some renaming.

Account Name is the email address according to the launcher and what is displayed on the forum is usually referred to as the Display Name.

Creativewild.6319:

@Pat Cavit @Lawton Campbell

You guys just made my day, I’ve been waiting for this one.

I assume this in the future this will allow us to retrieve information like Achievement points,
and account characters from the /v2/characters endpoint?

for the last year I have been developing a custom CMS dedicated exclusively to Guild Wars 2, so you can see how this integration is an awesome news for me ( even bigger than the expansion)

The API is fully integrated on the system, its used from simple item views to fully track the user investments on TP

This is the cherry on the top of CMS, I really believe this will make our users really happy.

Guys, again you have made my day.

Ola tuga

Let me know what site u use so i can take a look, here is the one i use for TWIN with fubared login http://axyd.us/joomla/

Is the ID, Name, or both primary/unchanging keys?

I imagine that same question is going to come up again for characters

The OAuth2 library I am using (perl’s Net::OAuth2) wants to add “Host: account.guildwars2.com:443” to the access token request header. This results in a 403 error from the server.

It works fine if the header is set to “Host: account.guildwars2.com” or left out entirely.

I was able to make changes to the library code to fix it for myself, but other users and possibly other libraries may come across this problem.

Lawton Campbell.8517:

Nabrok.9023:

The OAuth2 library I am using (perl’s Net::OAuth2) wants to add “Host: account.guildwars2.com:443” to the access token request header. This results in a 403 error from the server.

It works fine if the header is set to “Host: account.guildwars2.com” or left out entirely.

I was able to make changes to the library code to fix it for myself, but other users and possibly other libraries may come across this problem.

Could you capture and paste the request that’s returning 403 (make sure to remove the “code” and “client_secret” parameters from the query string)? I’m totally unable to reproduce the behavior from the host header alone.

Sure, I attached the two request headers (one that works, one that doesn’t) to avoid forum formatting.

Same thing is happening with any of the endpoints, here’s a test perl script ….

#! /usr/bin/perl

use LWP::UserAgent;

my $ua = LWP::UserAgent->new;

my $api_uri = 'https://api.guildwars2.com';
my $url = $ARGV[0] || $api_uri.'/v2/build';

my $response_with_port = $ua->get($url, Host => 'api.guildwars2.com:443');
my $response_without_port = $ua->get($url, Host => 'api.guildwars2.com');

print "With port: ".$response_with_port->status_line."\n";
print "Without port: ".$response_without_port->status_line."\n";

exit;

And the results …

With port: 403 Forbidden
Without port: 200 OK

Pat Cavit.9234:

We’ll work on making those strings a little more specific, if anyone has any examples of sites that do a really good job of describing OAuth scopes in consumer-friendly language I’d love a link. Most in my experience has been similarly-generic text.

GitHub.

https://help.github.com/articles/connecting-with-third-party-applications/

Thanks Pat, Lawton, and everyone else there working on the APIs!

Looking forward to being able to register applications for use with this, it’ll take some of the headache out of user authentication

I am getting mixed results when retrieving back account data from using the token.
One of my accounts returns back “undefined” while the other does return the four pieces of information. The only difference I can think of is that the account with undefined results has the mobile authenticator enabled. Anyone else have similar result?

I get through the oauth redirect/callback ok and swap the code for an access_token successfully. Requests to /v2/accounts result in {"text":"ErrBadData"}

Trying the node.js scripts results in printing “undefined”

Olsria.9608:

I get through the oauth redirect/callback ok and swap the code for an access_token successfully. Requests to /v2/accounts result in {"text":"ErrBadData"}

Trying the node.js scripts results in printing “undefined”

I’m now getting the same error. Was working yesterday.

Lawton Campbell.8517:

Pat Cavit.9234:

Lawton found the cause. He’s chatting with some folks about how to a) fix it and b) prevent it from breaking like this in the future.

Quick reminder…

Pat Cavit.9234:

This is considered BETA-quality at the moment

The error should now be resolved. Sorry about that.

You guys are awesome, the account works for me now.

How long does the access token and refresh token last before they expire?

I Am Dansker.7105:

How long does the access token and refresh token last before they expire?

Yes, could we get “expires_in” included with the access/refresh token response please?

It’s as offtopic as it gets, but I just wanted to throw in that I’m really amazed by these threads and the work on the repo. This is real collaboration and motivates me as a developer immensely.

Thank you for working with us!

Just finished my work on OAuth 2 thirdparty authentication and API implementation for WoltLab Burning Boards.

Can’t wait for the app registration release =D

You did great job there

Thanks for the new update! This should open up some awesome new avenues for apps. I’ll make sure that all the participants in the Overwolf app challenge are aware of this.

~ Raif the Overwolf Community Manager