MelonLand Passports (API + Auth + Hyper Actions)

[Melooon]

MelonLand Passports

Aha  It's you again! You've found the info thread for the MelonLand Passport system, this is a collection of tools including the API, mAuth and Hyper Actions, that allows you to create your own web apps, sites, games and stufffff, using MelonLand accounts and open data.

The main goal of this project is to make it really easy for people to create their own web apps, without having to worry about making or managing user accounts. So, instead of making a lil community site and trying to convince a few people to sign up to it, you can make a site and instantly allow all 3000 moderated and vetted melonland members to access it with no extra accounts needed 

I should also credit @dream for the initial idea, we've been discussing this project for over a year and its slowly been taking shape!

For members: When you visit a site offering passport support, it will offer you a link asking for your MelonLand passport, click it, and you'll be shown what data the site is requesting. You can agree or deny. If you agree, site will keep you logged in untill you log out of the forum (then you have to agree again)

You can try a live version of the demo hosted on my blog server: https://thoughts.melonking.net/melonland-api-demo.php

For developers: You just include the API helper file in your project, and from there your able to access MelonLand accounts with a few easy functions! You can also access the API, and create Hyper Actions!

A view of the passport request screen:

What is mAuth and is it like oAuth? - mAuth is an authentication system, but its not like oAuth. It lets external websites you approve, access your id & username, for as long as you are logged in. This essentially means an app can piggyback off melonland accounts and use them in place of its own accounts system. Sites that use mAuth are the Wiki, Letters and the Everyone Site (although you don't see the approve screen or them  )

What is the API? - The MelonLand API is a public interface that can be used for getting data about the forum. You've actualy used it before, its used by Art Hub gallery embeds and Artifact embeds.

What are Hyper Actions? - These are new, they let you perform actions on the forum. For example if you click here, you can enter a hyper action that sends me 1 of your swap credits  (this is the only hyper action I've made so far...)


How do I get started??

To make use of Passports right now you'll need a PHP server and some basic PHP experience. I have attached the main melonland-api.php file you'll need, plus a basic demo file you can play with!

In the future I hope to port these over to JavaScript too, but to start with here's what ya get!

Multiple parts of the forum already use this system (such as the Nav) to access data, so it does work well, but I expect it will still break horribly being public, so please report bugs and let me know how it does! 

   GOOD LUCK 

[TheFrugalGamer]

This is awesome!!! Thank you so much! I honestly don't have any ideas for this at the moment, but it opens doors, if you know what I mean. I will definitely be playing with it soon!

[Dan Q]

I'm super excited to play with this, as you might have expected. My life's gonna be super busy for the next week or so but maybe I'll get to try it out after that!

There's all manner of interesting ideas I've been thinking about playing with that would be improved by something mAuth-ey.

[Dan Q]

Not played with this properly yet, but (from a quick whitebox code review) I've a couple of thoughts (all really minor!):

Code

function downloadMemberData($clientKey, $appOrigin, $extraData = [], $returnPath)

This function defines a required parameter after an optional parameter, which has semi-undefined behaviour. Possibly you wanted to used named parameters (although that would lock the API to PHP 8+, which might not be what you want)? But given that the other parts of the API always pass a parameter here, perhaps the signature should be:

Code

function downloadMemberData($clientKey, $appOrigin, $extraData = [], $returnPath)

You're suggesting that this file is placed in the top of the application directory. In that case, you might like to add to the top of the file something like this:

Code

if (basename(__FILE__) == basename($_SERVER['SCRIPT_FILENAME']))
{
    header('HTTP/1.0 404 Not Found');
    exit;
}

That'll mean that if a user goes directly to the /melonland-api.php file (which doesn't do anything by itself), they get a 404, rather than a blank page.

[Melooon]

That'll mean that if a user goes directly to the

Great! That's a good suggestion, I also added a few extra comments explaining parameters better!

[Dan Q]

It's probably harmless that there's no domain validation on action requests, right...? 

I only ask because if you click this link you'll probably be asked to give an unreasonably huge number of swap credits to me... so obviously you'll click "deny"... and then...

(It's a silly joke. I can't help but poke at the edges of things.)

[pyrrhic7]

This is so neat! I've long wanted to build an experimental, tiny exportable pet game (something I imagine MelonLanders would especially vibe with). This announcement is just the push I needed to make a humble start on it Thanks for setting this up!