agentd00nut

Heh, I realize now how that sounds malicious... Ironically i'm actually trying to abide by the ToS where it says... "The Steam Web API may require a licensed Steam end user to authenticate a Steam account. You will abide by the Steam Web API documentation and, in particular, you will not intercept or store the end user's Steam password on log in." Asking the user for their password seems like it could be interpreted as "intercept"ing it since i have to handle it long enough to send the login request. So i was looking for a valid method to login for them without directly having them give me their password. Wasn't trying to find a way to access peoples data without their consent, though on the surface it definitely seems that way, sorry about that.

Is it possible to login without asking for the users password and retain much or all of the functionality of steam-user? This page Says that asking users for a username and password is against the terms of use. Obviously this isn't an issue for yourself or friends but on the very off chance the app or website using steam-user gets popular i'd hate to have valve get annoyed about it. They say to use openID however, from what i can tell, all that will do is return to you the steam user id that the user was authenticated as... Obviously this isn't that great for say, trading, or sending messages, or setting personas or avatars ( which uses the web cookies ). I'm not familiar with openID so maybe more is returned but it after a bit of digging i don't think that's the case. Obviously after a user has logged in once i can set "remember password" and just hope that the loginkey stays valid for a long time. Essentially i'd like to let users login but not directly have to ask them for their password