It would be nice to have an authentication API for cfx.re accounts. For instance, a CAD web application might allow users to sign up with their cfx.re account, associating a cfx.re identifier with their account. This way, user data can be easily synced between the game and the CAD application. Let’s say an admin adds the “moderator” rank to a user registered in the CAD via the online web interface. A FiveM resource could then check which rank the player has by looking up their cfx.re identifier in the database, and set their permissions accordingly.
Pretty sure this is already possible, but not sure if it’s something Cfx wants people to use. You can see how its already done by txAdmin.
If you’re doing such a thing yourself, please just use the Discourse User API Key flow directly: User API keys specification - developers - Discourse Meta
Why would Cfx not want us to use this? I don’t really understand the code you sent either, do you think you could summarize what they are doing? From what I see, it seems like it’s a node.js application using the openid-client (not familiar with it just figured out about it) package for user authentication with token-based authentication (also not familiar with). From the article, I understand the gist of token-based authentication but am confused as to how it is applied with FiveM. Especially, on line 26 where fivemIssuer is defined. What are those URLs (i.e. https://idms.fivem.net) where did they find them? I will likely have to make my own implementation in Django, but I do not understand what is going on lol.
Ok, I certainly will. I am realizing now, however, that not every player on FiveM will have a cfx.re account, right? Is the cfx.re account only related to the forums? If I remember correctly, when you first install FiveM, there are no accounts associated with your FiveM client, unless that has changed. In that case, in order for players to be authenticated would they also have to make an account on the forums?
Didn’t know this was a thing
Correct, there’s no external account identifier anyone is guaranteed to have. There’s the game license token which is a hash of a R* account ID, but that one is often obtained through external sources (Steam/RGL auto-login) and only exists as a long-gone grant for the most part during gameplay.
At least one can assume the Cfx.re account identifier will remain existent for the lifetime of the project, unlike Steam/Discord who have tried to revoke our access at least once in the past.
Ok, that’s what I assumed. I may just opt for discord, as players will be required to join the discord server to play. Anyway, thanks for the help!
… you are aware that Discord identifiers in game are also very not reliable as they have removed our ability to authenticate like 3 times by now without any prior warning, right?
Not sure at all where this trend of “must join a Discord community to play” comes from lately.
No, not other than what you just mentioned. That’s a shame, what’s their reason behind it?
And for me, the reason I would want people to join the discord is for an easy way to push announcements to people and provide information, but I haven’t really put much thought into it yet. Now that you mention this, it makes me not want to use it, as it is also just another wall to getting in the game.