Passing state to steam & back

[astralmedia]

I have been trying for a few days to get passport-steam to pass a state object to steam, which I need to receive with the return_url.

Can you verify this works, and potentially point me in the right direction for how to pull it off?

Thank you so much!

[mdabdulbari]

Were you able to find a way?

[herzog0]

I'm interested in the same feature. Does anyone know if this is available in any form?

[THE-SIMPLE-MARK]

I'm interested in the same thing! Steam Auth is essentially useless for me this way because I don't know which user's Steam data I got, please implement this or tell us how to do this!

[loeiks]

Steam with openid doesn't include any state which means it's stateless and because of that we don't get the passed state back with the returnUrl.

Instead we get a generated nonce by openid. I'm not sure how can we use this nonce to prevent replay attacks and verify users etc. But I know it's not possible to send a state with Steam.

I think there should be a way to verify that nonce which also includes a timestamp that you can use to verify users but it's not a very good option because you will only get hour, min and sec nothing more (with day month and year ofc). I'm still in research to find a way to pass a state or find a way to somehow verify it.