BAB Client Registration
BAB
BAB is an OpenID Connect Provider that links up with BYOND in order to authenticate BYOND users. It is open core with the code being available at the following repository: https://github.com/alexkar598/bab

While it is recommended to make use of OpenID features, it is possible to use BAB as a plain OAuth2 server by using the access_token on /auth/userinfo. Note that you must still request the openid scope.


Discord message:
I've created an OpenID/OAuth2 Provider that integrates with the BYOND hub. Anyone is free to sign up to use it, although client registration is done manually. The project is mostly open source at <https://github.com/alexkar598/bab>, and hosted at <https://bab.yogstation.net>. The OpenID code and id_token grants are implemented along with OpenID discovery (<https://bab.yogstation.net/.well-known/openid-configuration>). Unfortunately, due to a critical component being closed source (the bit that talks to the BYOND hub), it is not possible to self-host this and if you want to use this, you have to trust me and my service to return the correct information on users. For people without the ability to use auto discovery, the endpoints are located at the following locations:
- Authorize: <https://bab.yogstation.net/auth/authorize>
- Token: <https://bab.yogstation.net/auth/token>
- Userinfo: <https://bab.yogstation.net/auth/userinfo>
- Signing keys: <https://bab.yogstation.net/auth/keys>

Security information:
- Obviously, you have to trust me to return accurate information about users
- If intercepted, the BYOND certificate may allow an attacker to pose as a user until the certificate expires or the user logs out of BYOND in their web browser (tokens will however still be valid)
- Signing keys are rotated every 3 days, old keys are purged and no longer published after 15 days. Private keys are always deleted as soon as a new one is generated (every 3 days)
- Improper setups may result in security vulnerabilities in the way you interact with my service. If you aren't sure of what you're doing, always pass the state parameter to /authorize and do not request the id_token grant or a client of type Public
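
The advice above to always pass the state parameter and to use the code grant, as an added Python example that is not part of the original message or of the BAB project's code. CLIENT_ID, REDIRECT_URI and the `session` dict (standing in for server-side session storage) are assumptions; the authorize endpoint is the one listed above.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE_ENDPOINT = "https://bab.yogstation.net/auth/authorize"  # from the page

# Placeholders (assumptions): use the values agreed at client registration.
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://client.example/callback"


def begin_login(session: dict) -> str:
    """Store a fresh state value server-side and return the authorize URL."""
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    session["oauth_state"] = state
    params = {
        "response_type": "code",  # code grant, not the id_token grant
        "scope": "openid",        # required even for plain OAuth2 use
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def handle_callback(session: dict, callback_url: str) -> str:
    """Return the authorization code only if state matches the pending login."""
    query = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: replays fail
    received = query.get("state", [""])[0]
    # Constant-time comparison on bytes; a missing or forged state is rejected.
    if expected is None or not hmac.compare_digest(
        expected.encode(), received.encode()
    ):
        raise ValueError("state mismatch: callback is not tied to this session")
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    # Next step: exchange the code at the token endpoint using the client secret.
    return codes[0]
```

The state check runs before anything else in the callback is trusted, so a response that was not started by this session is dropped without reaching the token endpoint.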