FAQ
No. As of now, it is not possible to use GW2Auth without creating an account.
No, at least not in a user-friendly way.
If the application you want to use GW2Auth with hasn't integrated it yet, feel free to contact the administrator of that application.
Good news: You can create a client whenever you like. GW2Auth uses OAuth 2.0 to authorize clients.
If you need help integrating GW2Auth into your application, feel free to contact me (see: Legal for ways to contact me).
Without using GW2Auth, you most likely give external applications API Tokens which you create on the official website of GW2. These API Tokens never expire; they work until you remove them on the same website again.
In general, it is a best practice to create one API Token on the official website per application you want to use. However, in practice I've heard of many people (including myself) using one API Token with full permissions and giving this API Token to every application they want to use.
GW2Auth solves this problem by exclusively passing subtokens to authorized applications. These subtokens are created by GW2Auth in the background and are only valid for 30 minutes after creation. Once a subtoken expires, an application has to request a new one from GW2Auth. Every time an application requests new subtokens, GW2Auth checks whether you have removed the application's access in the meantime. If you have, GW2Auth will not create new subtokens for this application, and the application will no longer be able to access the Guild Wars 2 API on your behalf.
While logged in at GW2Auth, you can check at which times an application tried to retrieve new subtokens, and you can remove an application's access at any time by removing the application in your account panel.
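The subtoken lifecycle described above, as an added model that is not GW2Auth's own code: it shows that removing an application blocks the next subtoken request and that each request is logged. The class, the application name and the timestamps are constructed, and the model assumes an already issued subtoken stays usable until its 30 minutes are up, which this FAQ does not state either way.

```python
from datetime import datetime, timedelta, timezone
import secrets

SUBTOKEN_LIFETIME = timedelta(minutes=30)  # lifetime stated in the FAQ above


class SubtokenIssuer:
    """Toy model of the flow described above; not GW2Auth's implementation."""

    def __init__(self):
        self.authorized = set()   # applications the user currently authorizes
        self.subtokens = {}       # subtoken -> expiry time
        self.request_log = []     # (time, app, granted), as seen in the account panel

    def authorize(self, app):
        self.authorized.add(app)

    def revoke(self, app):
        # Assumption: an issued subtoken is not recalled; only future requests are blocked.
        self.authorized.discard(app)

    def request_subtoken(self, app, now):
        granted = app in self.authorized   # access is re-checked on every request
        self.request_log.append((now, app, granted))
        if not granted:
            return None
        token = secrets.token_urlsafe(16)  # constructed stand-in for a real subtoken
        self.subtokens[token] = now + SUBTOKEN_LIFETIME
        return token

    def is_usable(self, token, now):
        expiry = self.subtokens.get(token)
        return expiry is not None and now < expiry


def demo():
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed timestamp
    issuer = SubtokenIssuer()
    issuer.authorize("example-app")                        # hypothetical application name
    token = issuer.request_subtoken("example-app", t0)
    issuer.revoke("example-app")                           # user removes access right away
    return {
        "usable_after_10_min": issuer.is_usable(token, t0 + timedelta(minutes=10)),
        "usable_after_30_min": issuer.is_usable(token, t0 + SUBTOKEN_LIFETIME),
        "renewed_after_revoke": issuer.request_subtoken("example-app", t0 + SUBTOKEN_LIFETIME),
        "log": [(app, granted) for _, app, granted in issuer.request_log],
    }


if __name__ == "__main__":
    print(demo())
```

Under these assumptions the exposure after removing an application is bounded by the subtoken lifetime, in contrast to a directly shared API Token that works until it is deleted.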
You don't have to worry about managing users' API Tokens yourself. You can also store additional data for a user on your side, using the user identifier which is present in every OAuth2 Access Token.
If your application requires some kind of Guild Wars 2 Account verification: Good news! By requesting the scope gw2auth:verified, each Access-Token will contain an additional field named verified for each authorized token.