RAMPAGE OAuth System

system · April 5, 2022, 11:43pm

RAMPAGE OAuth

RAMPAGE provides an OAuth system that is free to use for our community!

Login

Redirect a user to id.rampagestudios.org/login/sso with query ?return_url=returnwebsite&scopes=abc.

Replace scopes with the data you want to get returned to you.
Replace return_url with your PHP script to receive the user data.

Scopes and return_url are required for it to work

Scopes

Roblox Scopes

roblox_username
Roblox username
roblox_display
Roblox display name
roblox_id
Roblox user id
roblox_avatar_url
Roblox avatar (URL)
roblox_description
Roblox description
roblox_banstatus
Roblox Ban Status (boolean)
roblox_username_history
Roblox Username History
roblox_groups
Roblox Groups you are in

RAMPAGE Scopes

rampage_id
RAMPAGE User ID
rampage_email
RAMPAGE Email

Target Scopes

target_roblox
Must add this if you need roblox scopes (roblox_id, roblox_ username, etc)
target_rampage
Must add this if you need rampage scopes (rampage_id, rampage_email, etc)

If the target scopes are NOT added, you can’t interact with oAuth server to get the data.

Example: https://id.rampagestudios.org/login/sso?return_url=https://example.com/return.php&scopes=target_roblox,roblox_username

Properly encoded:
https://id.rampagestudios.org%2Flogin%3Freturn_url%3Dhttps%3A%2F%2Fexample.com%2Freturn.php%26scopes%3Droblox_username&3Dtarget_roblox

To url encode, I recommend using this website or use this PHP method:

$myurl = "https://id.rampagestudios.org/login/sso?return_url=https://example.com/return.php&scopes=target_roblox&roblox_username";
echo urlencode($myurl);
// Returns
// https://id.rampagestudios.org%2Flogin%3Freturn_url%3Dhttps%3A%2F%2Fexample.com%2Freturn.php%26scopes%3Droblox_username&3Dtarget_roblox

Handle Responses after return

Success
If the login is successful, the user will be redirected to the return_url with an access key.

Example:
https://example.com/return.php?success=true&target_roblox_key=abc

abc is the example access key. Once you get the key, you are able to make a POST request
to RAMPAGE servers & request access to the data. Once the user is returned, your server has up to 2 minutes to make that request, otherwise, that data will be invalidated.

Key is named: target_platform_key. So if you use scope target_roblox it will be target_roblox_key.
If you are requesting login for more than just one platform, for example target_rampage, It will return target_rampage_key and target_roblox_key. Each key is unique and have there own timers.

We are in process of adding more platforms.

Make a POST request to:
https://api.rampagestudios.org/v1/oauth/request/index.php
with json body:

{"key":"abc","platform":"target_roblox"}

Platform is the target scope for the specific platform you had your customer login for.

Key IS case sensitive.

Our servers will return JSON back to your POST Request.

key is generated key we gave to your user who logged in.

Error
The error will occur when a user declines the authorization, no account is found, pending verification, or no Roblox account. Make sure to check with $_GET to make sure the login was a success.

https://example.com/return.php?failed=true

Request Data after Authorization

Make your requests to:
https://api.rampagestudios.org/v1/oauth/request/index.php

Success
This is the returned JSON sent to you if the login was a success.
(This is a example with the scopes: roblox_username, roblox_id, and roblox_avatar_url)

{"success":true,"roblox_username":"Roblox","roblox_id":1,"roblox_avatar_url":"roblox.com/avatar.png"}

Error
The error will occur when an invalid key has been entered.

{"success":false, "reason":"bad call"}

PHP Example

<?php
session_start();
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);

function generate()
{
    return sprintf('%04X%04X-%04X-%04X-%04X-%04X%04X%04X', mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(16384, 20479), mt_rand(32768, 49151), mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535));
}

// Format URL
$scopes = array("target_roblox", "roblox_username", "roblox_display", "roblox_id", "roblox_avatar_url"); // Add scopes you want here.
$return = "https://demo.vq9o.com/oauth/index.php"; // Return here.

// Format the URL (Do not touch)
$scopes = implode(',', $scopes); // Format to comma-seperated-value
$url = "https://id.rampagestudios.org/login/sso?scopes=" . rawurlencode($scopes) . "&return_url=" . rawurlencode($return);

// Handle URL
if (!empty($_GET["logout"])) {
    echo "<b>Logged out!</b>";
    setcookie(session_name(), '', 100);
    session_unset();
    session_destroy();
    $_SESSION = array();
}

function GET($url, $fields)
{
    $ch = curl_init($url);
    $payload = json_encode($fields);

    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

    $result = curl_exec($ch);
    return json_decode($result);
    curl_close($ch);
}

if (!empty($_GET["target_roblox_key"])) {
    $GeneratedCheckURL = "https://api.rampagestudios.org/v1/oauth/request/index.php";
    $Fields = [
        "key" => htmlspecialchars($_GET["target_roblox_key"]),
        "platform" => "target_roblox"
    ];
    $data = GET($GeneratedCheckURL, $Fields);

    if ($data->success == true) {
        $_SESSION["rampage_oauth_session"] = $data;
        echo "<b>Authorized!</b>";
        echo "<p>JSON:</p>". json_encode($data);
    } else {
        echo "<b>Login authorization key is expired!</b>";
    }
} else {
    if (!empty($_GET["failed"])) {
        if (htmlspecialchars($_GET["failed"]) == true) {
            echo "<b>Login failed due to: Pending Verification, No Account Found, No Roblox Account, or another error.</b>";
        }
    }
}
?>

<html>
<link rel="stylesheet" href="https://rampage.host/bulma.css">
<link rel="stylesheet" href="https://demo.vq9o.com/oauth/style.css">
<link rel="stylesheet" type="text/css" href="https://rampage.host/bulma_tooltip.css">
<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Manrope:[email protected];800&amp;display=swap">

<nav class="navbar is-white topNav">
    <div class="container">
        <div class="navbar-brand">
            <a class="navbar-item">
                <p>Roblox <b>OAuth</b></p>
            </a>
        </div>
        <div class=" navbar-end">
            <div class="navbar-item">
                <?php
                    if (empty($_SESSION["rampage_oauth_session"])) {
                        echo '<a class="button is-light" href="'. $url .'"><img height="25" width="25"
                        src="https://rampage.host/roblox.png" alt="">&nbsp;Login</a>';
                    } else {
                        echo '<a class="button is-dark is-outlined" href="'. $return .'?logout=true"><img height="25" width="25"
                        src="https://rampage.host/roblox.png" alt="">&nbsp;Logout</a>';
                        echo '<p class="image is-32x32 has-tooltip-bottom" data-tooltip="'. $_SESSION["rampage_oauth_session"]->roblox_username . '">
                        <img src="'.$_SESSION["rampage_oauth_session"]->roblox_avatar_url. '">
                    </p>';
                    }
                    ?>
            </div>
        </div>
    </div>
</nav>

</html>

Javascript Example

const express = require("express");
const http = (...args) => import('node-fetch').then(({default: http}) => fetch(...args));
const cookieSession = require('cookie-session')
const app = express();
const PORT = process.env.PORT || 8080;
const scopes = ["target_roblox", "roblox_username", "roblox_display", "roblox_id", "roblox_avatar_url"];

app.use(cookieSession({
    name: 'rampage_oauth_session',
    keys: ["securekey123"],
    maxAge: 24 * 60 * 60 * 1000 // 24 hours
}));

app.get("/", (req, res) => {
    if (!req.session.rampage_oauth_session.loggedin) return res.redirect(`http://localhost:${PORT}/login`);
    res.redirect(`http://localhost:${PORT}/dashboard`);
});

app.get("/dashboard", (req, res) => {
    if (!req.session.rampage_oauth_session.loggedin) return res.redirect(`http://localhost:${PORT}/login`);
    res.send(req.session.rampage_oauth_session.data)
});

app.get("/logout", (req, res) => {
    if (!req.session.rampage_oauth_session.loggedin) return res.redirect(`http://localhost:${PORT}/login`);
    req.session = null;
    res.send("Logged out!")
});

app.get("/authorize", (req, res) => {
    const target_roblox_key = req.query.target_roblox_key;

    if (!target_roblox_key) return console.log("No key found");

    const response = await fetch('https://api.rampagestudios.org/v1/oauth/request/index.php', {
        body: {
            key: target_roblox_key,
            platform: "roblox"
        }
    });
    const data = await response.json();

    if (!data.success) return console.log("Failed to verify success");
    req.session.rampage_oauth_session.loggedin = true
    req.session.rampage_oauth_session.data = data
    res.redirect(`http://localhost:${PORT}/dashboard`);
});

app.get("/login", (req, res) => {
    const scopesFormated = scopes.join(",");
    const returnURL = `localhost:${PORT}/authorize`;
    const redirect = `https://id.rampagestudios.org/login/sso?scopes=${encodeURIComponent(scopesFormated)}&return_url=${encodeURIComponent(returnURL)}`;
    res.redirect(redirect);
});

app.listen(PORT, () => {
    console.log(`Server is running on port ${PORT}.`);
});

Jake · April 22, 2022, 1:48am

~~We are still re-writing documentation with a new way of scopes & data processing, API endpoints are still on v1, we will let you know when it switches to this new v2 way of processing data.~~

V2 API is now live. More platforms are being slowly added! A warning screen has been deployed for applications detected on V1.

Jake · April 22, 2022, 1:48am

KadenBlox · August 12, 2022, 9:12am

I LOVE THIS!!! Keep up the great work! I’d love to see discord scopes too!

Jake · February 10, 2023, 9:19pm

API Version3

Version 2, and 1 are now deprecated.

Update Guide

This guide is for web server operators, not for end-user clients.

Replace https://api.rampagestudios.org/v1/oauth/request/index.php with https://id.rampage.place/oauth-api/redeem.

Repalce https://id.rampagestudios.org/login/sso with https://id.rampage.place/oauth

Version 3 will still require the same previous arguments.

Linking with V3

You can link platform accounts at https://id.rampage.place/link & select the desired platform and do the process

What does V3 look like?

OAuth Design is temporary, a better modern design will be improved soon.

Jake · February 20, 2023, 1:06am

PHP Example with multiple platforms.

The Code

$scopes = array("target_rampage", "rampage_id", "rampage_dname", "rampage_name", "rampage_email", "target_discord", "discord_id", "discord_email");
$scopes = implode(',', $scopes);
$return = "https://secure.example.com/login";
$url = "https://id.rampage.place/oauth?scopes=" . rawurlencode($scopes) . "&return_url=" . rawurlencode($return);

// Handle Logging out
if (!empty($_GET["logout"])) {
    echo "<b>Your account has been logged out.</b>";
    setcookie(session_name(), '', 100);
    session_unset();
    session_destroy();
    $_SESSION = array();
}

// Function for cURL Http Requests
function HttpRequest($url, $fields)
{
    $ch = curl_init($url);
    $payload = json_encode($fields);

    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

    $result = curl_exec($ch);
    return json_decode($result);
    curl_close($ch);
}

// Handle login returns
if (!empty($_GET["target_rampage_key"])) {

// Verify keys
    $rampage_data = HttpRequest("https://id.rampage.place/oauth-api/redeem", [
        "key" => htmlspecialchars($_GET["target_rampage_key"]),
        "platform" => "target_rampage"
    ]);
    
    $discord_data = HttpRequest("https://id.rampage.place/oauth-api/redeem", [
        "key" => htmlspecialchars($_GET["target_discord_key"]),
        "platform" => "target_discord"
    ]);

    $success = true;

    if (!$rampage_data->success) $success = false;
    if (!$discord_data->success) $success = false;
    if (!$success) echo "<b>Login authorization key is expired, unable to login.</b>";
    
// If successful, then log in the user.
    if ($success) {
        $_SESSION["rampage_oauth_session"] = array_merge($rampage_data, $discord_data);
        echo "<b>Account authorized!</b>";
        echo "<p>Payload:</p>" . json_encode($data);
    }
} elseif (!empty($_GET["failed"])) {
    if ($_GET["failed"] == true) {
        echo "<b>Login failed due to: Pending Verification, No Account Found, or a system error occured at id.rampage.place.</b>";
    }
}

<?php
if (empty($_SESSION["rampage_oauth_session"])) {
    echo "<script>window.location='$url'</script>"; // redirect for login
} else {
    echo $_SESSION["rampage_oauth_session"]->rampage_id; // display data
}
?>

Jake · March 13, 2023, 1:41am

Expire time has increased from 2 minutes to 5 minutes to last longer.