As a natural next step to publishing a Steam Web API library to Maven Central, I have now implemented login with Steam OpenID to play.kilumanga.com. At the time of writing this, it’s basically a POC of the authentication/validation flow, where the end result is a view that shows your Steam ID.

As you might be able to tell from the above GIF, or by visiting the app yourselves, the app is using a backend running on Heroku. The reason why I haven’t enabled it to run on my own domain (e.g. api.kilumanga.com), is because SSL with custom domains on Heroku are not available for free dynos. This means the backend needed to have CORS enabled, at the very least, for my domain.

I imagine it must be possible to proxy requests through my own domain, using a virtual host on an Apache server, but that would require either setting up a new server - which I would like to avoid, because I would exceed a free tier usage limitation - or using the existing one - which I would like to avoid, because I don’t want to couple the servers together too tightly.