-
Notifications
You must be signed in to change notification settings - Fork 0
GoG: Authentication and other APIs
Paweł Lidwin edited this page Feb 2, 2022
·
1 revision
Certain more user specific endpoints require Authentication.
It's handled by Authorization: Bearer <ACCESS_TOKEN> header, which must be included in some endpoints.
This URL allows app to get authorization code, which will allow us to obtain access_token.
If you are using frameworks like CEF or Electron. This should be embedded in window for user to authenticate.
It's bad idea to open it in user's browser since it doesn't allow for callbacks.
Page just redirects user to https://embed.gog.com/on_login_success?origin=client&code=<CODE> with CODE as parameter
https://auth.gog.com/auth?client_id=46899977096215655&redirect_uri=https://embed.gog.com/on_login_success?origin=client&response_type=code&layout=client2
You can optionally change layout to galaxy, it will make it look like login in Galaxy
CODE is obtained in previous step
https://auth.gog.com/token?client_id=46899977096215655&client_secret=9d85c43b1482497dbbce61f6e4aa173a433796eeae2ca8c5f6129f2dc4de46d9&grant_type=authorization_code&redirect_uri=https://embed.gog.com/on_login_success?origin=client&code=<CODE>
{
"access_token": "<ACCESS_TOKEN>",
"expires_in": 3600,
"token_type": "bearer",
"scope": "",
"session_id": "<SESSION_ID>",
"refresh_token": "<REFRESH_TOKEN>",
"user_id": "<USER_ID>"
}Usually after an hour token is expired.
https://auth.gog.com/token?client_id=46899977096215655&client_secret=9d85c43b1482497dbbce61f6e4aa173a433796eeae2ca8c5f6129f2dc4de46d9&grant_type=refresh_token&refresh_token=<REFRESH_TOKEN>
{
"access_token": "<ACCESS_TOKEN>",
"expires_in": 3600,
"token_type": "bearer",
"scope": "",
"session_id": "<SESSION_ID>",
"refresh_token": "<REFRESH_TOKEN>",
"user_id": "<USER_ID>"
}