I'm creating a tool that will essentially connect with your RuneScape character and allow for the retrieval of stats/info from places like the alog or RuneStats/current API. That's not difficult at all, but what I'd like to do is to be able to verify that the user actually is in possession of the account they're trying to link somehow. I've been brainstorming ways of doing this that does not involve the user passing over login details (something I definitely don't want to do).
I've identified two ways of doing this currently:
1. Create a forum thread somewhere, my app would create a unique identifier that would have to be posted by the user using their account. The app would match up a poster with their expected identifier, and if matched thus proves ownership. I believe Zybez did/does this with their price market?
2. Ask the user to manually gain a nominal set amount of xp (such as "gain 11 xp, then log out). If the xp changed is the expected amount, it would be enough to verify ownership.
I'm left with those two options, and to be honest it feels like jumping through hoops to accomplish something that could be some safer though something like oauth.
I know this is a longshot but is it possible there's an easier method on the horizon? These requests usually go nowhere but it doesn't hurt to ask right? I'm sure such a thing would be useful to other fansite staff too who wish to create their own tools.
And if not, does anyone have easier methods that aren't listen above? Would love to brainstorm.
Runeclan has a good way of doing it but it requires you to be in a clan system, it check the world your in and gets you to log in to three random worlds
Creator of the
Clan Leader Discord
& Clan Discord
Lead Developer of The Clan Network
Clan Leader of
Bound Links
Oh hey that's pretty inventive, I forgot that it displays a player's world on the clan pages. I suppose that only works for players that are in a clan, so a check will be needed for that.
