Quantcast
Download
(181 Kb)
Download
Updated: 05/21/18 07:24 PM
Pictures
File Info
Compatibility:
Summerset (4.0)
Dragon Bones (3.3)
Clockwork City (3.2)
Updated:05/21/18 07:24 PM
Created:11/24/15 12:42 AM
Monthly downloads:24,635
Total downloads:326,432
Favorites:303
MD5:
4.0
Tamriel Trade Centre  Updated less than 3 days ago!  Popular! (More than 5000 hits)
Version: 3.14.728.39828
by: cyxui [More]
The addon for http://tamrieltradecentre.com/

TTC needs localization help! Current plans is to translate for all official languages (German, French and Japanese). If you are willing to help with the translation please go to google sheet (https://goo.gl/q6xBPq) and fill in the German/French/Japanese Translation Columns as much as you could. Do remember to make a copy in case of conflicts or trolls.. cough cough...


By downloading this addon you agree to the Terms of Service and Privacy Policy

For Mac users and people whos afraid of exe file. Webclient (beta) is available online. Go to http://tamrieltradecentre.com/ and select your region. Click on Addon -> Webclient and follow the instructions


Global trade search tool needs YOUR help.

By running our addon and client. Your guild listings as well as any item you seen by using guild store search function will be automatically upload to the site for other people to search and browse. The collected data will also be used to generate price info for everyone~

If you want to contribute more to the community or if you wish to help boosting up your guild's sale by uploading an entire guild's listings, you are more than welcome to do so!

Here are some screen shoots of the site, addon and client












Install Instruction 

1. Download and unzip the files under ESO addon folder (default is Documents\Elder Scrolls Online\live\AddOns) Or you can install it with Minion
2. When you are playing ESO, run the client executable (client.exe) under Client folder
3. Enjoy the game


For first time of use 

For the first time only, you need to go to bank NPC -> click on Guild Store. A dialog box should pop up asking you to wait while the addon scan existing guild listings. When finished, the "Auto scan completed" dialog will show up
.

Q:How does this addon work?
The addon collects all the item listings that you seen in the guild store and uploads them to the site. The site then uses all the data collected by all players to generate price info for everyone.
You can also use the website to search for the location of an item using way better filter than the default Guild store GUI. But it is not guarantee the item is still there since low price items tends to get sold fast. You will have to use your own judgment based on the last seen column to predict whether its still available.

Q:How is the suggested price calculated?
1. Remove outliers
2. AVG(price of the lowest 30% items) * 0.8

Q:Whats the difference between MM's price and TTC's price?
TTC uses the listing price and the MM uses sold price. By statistic and Economic, those two numbers should align given enough sample set

Q: How fresh is the pricing data?
Very fresh! Naw im kidding, its based on Data from yesterday

Q: How big is TTC
It uses around 6mb of RAM for pricing info and around 20mb at most for entries you have seen.



Detailed Instruction
FAQ
Client 3.14 Release Notes:
1. Summerset update
2. Only keeps auto scanned record for 6 hours instead of 24 hours to increase data freshness

Client 3.13 Release Notes:
1. Completely separates the storage space for NA and EU server. This should prevent EU listings get posted to NA site or wise versa.

Client 3.12 Release Notes:
1. Fixed a crash caused by Masterwrit info
2. Fixed a bug causing alchemy writ's required potion attribute not showing up.

Client 3.11 Release Notes:
1. Dragon Bones & Update 17 version bump
2. Upgraded LibAddonMenu to r25
3. Makes the error msg which alerts user about current guild does not own a kiosk a popup instead of a chat msg since the chat window is hidden when guild store is open
4. Auto hides the client's window when using the "start with windows" option
5. other small fixes

Client 3.10 Release Notes:
1. Uses file lock instead of Mutex since Avast hates Mutex after fall creator's update. TTC should be able to live happily with Avast again (Tested on Win 10 fall creator and Win 7 latest with Avast Free)
2. Small change to prepare for upcoming web client.

Client 3.9 Release Notes:
1. Added messages informing users when TTC is blocked by anti-virus instead of crashing right away
2. TTC will no longer add tooltip messages to item panel if there is no pricing information available

Client 3.8 Release Notes:
1. Enables CWC traders scanning for French, German and Russian clients

Client 3.7 Release Notes:
1. Clockwork city update (Note: French, German and Russian clients will not be able to scan clockwork city's trader until the localized NPC names are filled in the google sheet)

Client 3.6 Release Notes:
1. Store item will no longer get uploaded to the server if players attempts to buy it (even if player did not hit confirm on the prompt). This should further reduce the cases where the item is gone by the time one walks to the location.

Client 3.5 Release Notes:
1. Russian and Chinese localization
2. Fixed a problem causing master writ to have always show as no price info on German and French client
3. Enables upload for German/French/Russian/Chinese clients
4. New trader location algorithm should work on all localized ESO client now

Client 3.4 Release Notes:
1. Horn of the reach update
2. New algorithm to determine trader location. Should resolve all potential "this guild does not own a kiosk" errors caused by ZOS typo/inconsistent description. In the worse case scenario where the TTC is unable to detect the trader when player opened guild store interface from the bank NPC, the new algorithm will allow the player to scan by going to the actual trader NPC.
3. Solved all problem with localized clients, uploading is expected to be available for German/French players after the new addon strings are translated

Client 3.3 Release Notes:
Fixed an issue that was blocking Bal Foyen and Vivec city outlaws refuge traders' scan

Client 3.2 Release Notes:
1. Fixed an issue causing TTC to incorrectly parse potion's attribute when its a tri stat potion

Client 3.1 Release Notes:
1. Fixed an error during startup caused by SavedVarUpgrade.lua

Client 3.0 Release Notes:
1. German and French client beta. Enables in game price related operations while uploading is
disabled.
2. Fixed an issue causing in game displaying price updated 1 day ago while client is saying its up to date
3. Fixed an issue causing Deshaan Tal'deic trader to be not scannable
4. various other fixes

Client 2.35 Release Notes:
1. Added Vvardenfell trader locations

Client 2.34 Release Notes:
1. Morrowind updates
2. Centralized strings for localization

Client 2.33 Release Notes:
1. Updated NA's coordinator's iD
2. Fixed the issue causing launch ESO after client option not working with steam short cut.

Client 2.32 Release Notes:
1. Added option to auto start the client in silent mode with Windows or Launch ESO after the client (Which you can just replace the ESO's short cut with TTC client's short cut and it will run both)
2. Bug fixes and server related changes

Client 2.31 Release Notes:
1. Fixed an issue which causes some items to be removed and reposted every time Client starts
2. Fixed master writ's voucher reward amount calculation. Pricing for master writ might be unavailable for one day due to this change.
3. Uses TextBox instead of TextBlock for client's message display for copy paste support
Website Update:
1. Fixed master writ's voucher reward amount calculation. Wrong amount should diminish overtime.
2. Added Blacksmith/Clothing/Woodworking master writ's set, style, and trait information
3. Fixed an issue that sets Level to Level - 50 when you try to post trade manually

Client 2.30 Release Notes:
1. Fixed an issue which causes post trade to fail consistantly
2. Fixed a rare crash issue caused by corrupted config file resulted from unexpected Windows shutdown
3. Fixed an issue which causes TTC to report the current guild doesnt own a kiosk in Orsinium
4. Auto fix broken IDs caused by the massive name change that comes with Homestead update
5. Fixed an issue which causes client settings not get saved
New:
Support master writ price aggregation based on master writ detail instead of for all writs
Website Update:
1. Added amount filter in advanced search
2. Added master writ reward voucher filter in advanced search
3. Added master writ detail display
4. Database optimization
5. Added bunch new discovered furnitures into Database
6. Fixed many broken icons

2.29 change note:
1. Fixes a problem where the client wont start and says it is not in the original location. The problem is due to client not being able to detect server region (NA/EU).
A fallback mechanism is in place and should have a better error message when it fails
2. Fixes the problem of TTC not being able to detect potion/poison's effect due to description change


2.28 release note:
New:
1. Home stead API change
2. Automatically detects Server region instead of having users to set it themselves to prevent uploading items to the wrong server region
3. Automatically updates price table once 12 hours for people that keep the client running overnight
Bug fixes:
1. Fixes the issue which is causing client/server list out of sync and leave out dated trade listings not get cleaned up
2. Fixes the issue of client not automatically updates the guild's kiosk after it is changed
3. Adds a message to warn users about outdated price table
Archived Files (7)
File Name
Version
Size
Author
Date
3.13.827.1381
180kB
cyxui
03/10/18 07:22 PM
3.12.1927.48613
180kB
cyxui
02/13/18 05:55 PM
3.11.3827.17827
180kB
cyxui
02/12/18 09:42 PM
3.10.5681.30297
172kB
cyxui
12/24/17 01:48 PM
3.9.829.19737
172kB
cyxui
11/19/17 01:23 PM
3.8.291.82931
171kB
cyxui
10/25/17 09:53 PM
3.7.5318.31582
171kB
cyxui
10/24/17 09:11 AM


Post A Reply Comment Options
Unread 04/04/18, 06:00 AM  
Shadowshire

Forum posts: 1
File comments: 132
Uploads: 0
Arrow TTC 3.13 Client Error

After I quit playing TESO last night, and checked the TTC client before closing it, I discovered it was displaying an error dialog. The following is from the TTC Error Log dated 04/02/2018:
Code:
Monday, April 02, 2018
---------------------------------------------------------------------
System.Net.WebException: The remote name could not be resolved: 'us.tamrieltradecentre.com'
   at System.Net.WebClient.DownloadDataInternal(Uri address, WebRequest& request)
   at System.Net.WebClient.DownloadString(Uri address)
   at System.Net.WebClient.DownloadString(String address)
   at ESOTradeDesktop.Web.HTTPService.Get(Uri uri, NameValueCollection data)
   at ESOTradeDesktop.Web.HTTPService.Get(Uri uri)
   at ESOTradeDesktop.MainWindowViewModel.UpdatePriceTable()
The following is from the TTC Error Log dated 04/03/2018:
Code:
Tuesday, April 03, 2018
---------------------------------------------------------------------
System.Configuration.ConfigurationErrorsException: The configuration file has been changed by another program. (C:\Users\SYSOP\AppData\Local\ESOTradeDesktop\Client.exe_Url_e0lqoseu4rbuh5z21urigo5mhy2eehvn\3.13.6643.35852\user.config)
   at System.Configuration.BaseConfigurationRecord.EvaluateOne(String[] keys, SectionInput input, Boolean isTrusted, FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentResult)
   at System.Configuration.BaseConfigurationRecord.Evaluate(FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentResult, Boolean getLkg, Boolean getRuntimeObject, Object& result, Object& resultRuntimeObject)
   at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
   at System.Configuration.ClientSettingsStore.GetConfigSection(Configuration config, String sectionName, Boolean declare)
   at System.Configuration.ClientSettingsStore.WriteSettings(String sectionName, Boolean isRoaming, IDictionary newSettings)
   at System.Configuration.LocalFileSettingsProvider.SetPropertyValues(SettingsContext context, SettingsPropertyValueCollection values)
   at System.Configuration.SettingsBase.SaveCore()
   at System.Configuration.SettingsBase.Save()
   at System.Configuration.ApplicationSettingsBase.Save()
   at ESOTradeDesktop.MainWindowViewModel.ParseAndUpload()
   at ESOTradeDesktop.MainWindowViewModel.SavedVarFile_Changed(Object sender, FileSystemEventArgs e)
   at System.IO.FileSystemWatcher.OnChanged(FileSystemEventArgs e)
   at System.IO.FileSystemWatcher.NotifyFileSystemEventArgs(Int32 action, String name)
   at System.IO.FileSystemWatcher.CompletionStatusChanged(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* overlappedPointer)
   at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)
The following is the text displayed in an error dialog at the time that I checked the TTC client prior to closing it:
Code:
2018-04-03

Content of Error Dialog Field: 

System.Configuration.ConfigurationErrorsException: The configuration file has been changed by another program. (C:\Users\SYSOP\AppData\Local\ESOTradeDesktop\Client.exe_Url_e0lqoseu4rbuh5z21urigo5mhy2eehvn\3.13.6643.35852\user.config)
   at System.Configuration.BaseConfigurationRecord.EvaluateOne(String[] keys, SectionInput input, Boolean isTrusted, FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentResult)
   at System.Configuration.BaseConfigurationRecord.Evaluate(FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentResult, Boolean getLkg, Boolean getRuntimeObject, Object& result, Object& resultRuntimeObject)
   at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
   at System.Configuration.ClientSettingsStore.GetConfigSection(Configuration config, String sectionName, Boolean declare)
   at System.Configuration.ClientSettingsStore.WriteSettings(String sectionName, Boolean isRoaming, IDictionary newSettings)
   at System.Configuration.LocalFileSettingsProvider.SetPropertyValues(SettingsContext context, SettingsPropertyValueCollection values)
   at System.Configuration.SettingsBase.SaveCore()
   at System.Configuration.SettingsBase.Save()
   at System.Configuration.ApplicationSettingsBase.Save()
   at ESOTradeDesktop.MainWindowViewModel.ParseAndUpload()
   at ESOTradeDesktop.MainWindowViewModel.SavedVarFile_Changed(Object sender, FileSystemEventArgs e)
   at System.IO.FileSystemWatcher.OnChanged(FileSystemEventArgs e)
   at System.IO.FileSystemWatcher.NotifyFileSystemEventArgs(Int32 action, String name)
   at System.IO.FileSystemWatcher.CompletionStatusChanged(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* overlappedPointer)
   at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)
I have no idea which "other program" changed the TTC client configuration, as stated at the start of the above error message. I do know that when I attempted to delete the contents of the Sandboxie sandbox in which I run the TTC client, some unidentified "program" had one or more of the files in its sandbox open. I instructed Sandboxie to "terminate all programs" running in any and all sandboxes. After that, I could delete all of the sandbox contents. However, I copied the two error logs (above) to another location before I did that.

It is conceivable that a malicious program used the TTC client connection to the TTC server to intrude into my computer system. I did not find any evidence of a file, or an attempt to install malware. However, the most recent type of threat is called "fileless malware", because it runs solely in the computer system memory and never attempts to install itself on the target system. Regardless, Sandboxie would quite likely re-direct any attempt by such malware to access the file system to an empty folder in the sandbox. The malware, would, however, have access to any files which the TTC client creates in the sandbox, and to any files to which the TTC client has access in the file system on the SSD where they are stored.

Take care.
__________________
---- Shadowshire ..... nil carborundum illegitimi
Report comment to moderator  
Reply With Quote
Unread 04/02/18, 10:38 PM  
Alexs_Melody

Forum posts: 0
File comments: 7
Uploads: 0
2 cyxui
All is ok with new(03.04.2018) AV virusbase.
Probably this is a false alert with old bases.
Report comment to moderator  
Reply With Quote
Unread 04/02/18, 04:53 PM  
cyxui
AddOn Author - Click to view AddOns

Forum posts: 22
File comments: 207
Uploads: 1
Re: Virus..

Originally Posted by Tonyleila
Hey, sadly my anti virus (Kaspersky) always removes the exe of this programm so I can't use it. Can you fix this? Now it even blocks me from redownloading the AddOn!

Virustotal also shows 2 other programms that don't like your addon. https://www.virustotal.com/de/file/f...is/1522689225/

When I try to submit a false positive report Kaspersky asks me to scan the file first. And the scan result was clean for Apr 02 2018 22:31:11 UTC database. Maybe try to update your Kaspersky and give it another shot?

Kaspersky is probably seeing TTC has the following functions
1. Option to start with windows
2. Monitors a file's change (TamrielTradeCentre.lua saved variable file)
3. Download and Uploads data to the server

Antivirus companies hold the ultimate decision on whether they think its a virus or not and there is no way I can change that. The only thing I could do is to submit a false positive report and wait for months before they clear that, and then get flagged for the next version again.

Or

completely strip out feature 1, 2 and 3 which makes TTC unusable at all.

For people who are not comfortable with exe you can try out webclient (go to tamrieltradecentre.com and select addon drop down). Web client can do everything desktop client is able to do except 1 and 2 mentioned above. Its purely JavaScript that runs in your browser so there is like 0 chance of getting infected.
Last edited by cyxui : 04/02/18 at 05:05 PM.
Report comment to moderator  
Reply With Quote
Unread 04/02/18, 02:11 PM  
SoboL

Forum posts: 0
File comments: 2
Uploads: 0
Same problem
Report comment to moderator  
Reply With Quote
Unread 04/02/18, 11:43 AM  
Alexs_Melody

Forum posts: 0
File comments: 7
Uploads: 0
Re: Virus..

Originally Posted by Tonyleila
Hey, sadly my anti virus (Kaspersky) always removes the exe of this programm so I can't use it. Can you fix this? Now it even blocks me from redownloading the AddOn!

Virustotal also shows 2 other programms that don't like your addon. https://www.virustotal.com/de/file/f...is/1522689225/
+1
Report comment to moderator  
Reply With Quote
Unread 04/02/18, 11:19 AM  
Tonyleila
 
Tonyleila's Avatar
AddOn Author - Click to view AddOns

Forum posts: 255
File comments: 589
Uploads: 6
Virus..

Hey, sadly my anti virus (Kaspersky) always removes the exe of this programm so I can't use it. Can you fix this? Now it even blocks me from redownloading the AddOn!

Virustotal also shows 2 other programms that don't like your addon. https://www.virustotal.com/de/file/f...is/1522689225/
__________________
My Addons @ WoWInterface
Report comment to moderator  
Reply With Quote
Unread 03/27/18, 08:29 PM  
cyxui
AddOn Author - Click to view AddOns

Forum posts: 22
File comments: 207
Uploads: 1
Re: error message since last game patch

Originally Posted by Kyra
Hello
Since yesterday patch of ESO, i get the following error message from TTC add-on :
user:/AddOns/TamrielTradeCentre/PriceTable.lua:3: unfinished string near '<eof>'

And the price suggestion no longer works.

Hopefully uou can fix it soon !

Thanks
Kyra
try delete \Documents\Elder Scrolls Online\live\AddOns\TamrielTradeCentre\PriceTable.lua
Report comment to moderator  
Reply With Quote
Unread 03/26/18, 11:14 PM  
Kyra

Forum posts: 0
File comments: 3
Uploads: 0
error message since last game patch

Hello
Since yesterday patch of ESO, i get the following error message from TTC add-on :
user:/AddOns/TamrielTradeCentre/PriceTable.lua:3: unfinished string near '<eof>'

And the price suggestion no longer works.

Hopefully uou can fix it soon !

Thanks
Kyra
Report comment to moderator  
Reply With Quote
Unread 03/26/18, 06:40 PM  
necropola
 
necropola's Avatar

Forum posts: 0
File comments: 28
Uploads: 0
Re: Re: Re: Re: Oauth implementation issue

Originally Posted by cyxui
Originally Posted by necropola
Originally Posted by cyxui
Originally Posted by necropola
I just deleted SavedVariables because I logged into another ESO account (and I already know that this breaks the settings).

I'm now trying to recreate the settings from scratch and supply the same TTC account informatiion I used before, but the client not only asks for the account name (Login with Google) but also for a password which is VERY SUSPICIOUS.

I already have an authenticated chrome (default browser) session and I would expect the client to request an OAUTH/openid token (--> Asp.Net.ApplicationCookie) from that session and NOT to create a separate login session using some IE/HTML control and then ask for my google password. I cannot even see where this control connects too, whether the connection is encrypted, ...

They way "Login with Google" is currently implemented in the TTC client does not seem right and I would suggest to remove the feature until it's fixed. It just teaches bad/insecure habits, i. e. type in your (google) credentials into some random pop up window.

https://tools.ietf.org/html/draft-ie...native-apps-03
TTC's client uses embedded IE when you do login. And all of your login with FB/Google/MS stuffs are all handled by IE. TTC client will grab the tamrieltradecentre.com cookie from your IE cookie container and start from there. I don't even think Google even allow programmed access to OAuth with user name and password.
Hmm ... assuming that you have no browser running at the moment and never have authenticated to the TTC web site and/or to google (or rather cleared all cookies), does the client or rather the embedded IE ask for your google password or not?

This is how it looks after deleting all INetCookies: https://imgur.com/a/EZVem

Your (Native) App (or rather the embedded IE) should NEVER ask for the password. You should use/open the system/default browser instead. Please read the IETF Draft I have linked (section 8.1) or the corresponding 8.12 section from the updated version: https://tools.ietf.org/html/rfc8252#section-8.12

Code:
8.12.  Embedded User-Agents
[...]
Encouraging users to enter credentials in an embedded user-agent
without the usual address bar and visible certificate validation
features that browsers have makes it impossible for the user to know
if they are signing in to the legitimate site; even when they are, it
trains them that it's OK to enter credentials without validating the
site first.
ietf is just a recommendation on what would be ideal. But until we got OS support for such thing it is not that easy to achieve. Mobile OS already supports this so all the recommendations for mobile app are to use the SDK.

But for desktop app. Meh, you will have to hope this becomes a standard one day and MS would add that to windows.

I will just quote some recommendations:

FB:

"To use Facebook Login in a desktop app, you'll need to be able to embed a web browser (sometimes called a webview) within the app to perform the login process."

https://developers.facebook.com/docs...d-a-login-flow

Twitter:
Mobile and desktop apps should open a new browser window or direct to the URL via an embedded web view.

https://dev.twitter.com/web/sign-in/implementing


All the games that supports OAuth that I know does it this way.
MS, FB apps does it this way.

Default browser has NO standard event to notify desktop app about redirection nor does it have standard way to read cookies from.
Adding a system hook or Url hook would require Admin privilege which grants way more privilege than what that embedded browser can do. And it makes Anti-virus even more zealous about the client.
Regardless of how many others are doing it this way (doesn't make it any better), I think you get my point or rather the point of the RFC. It's really, really bad!

The RFC (and various google best practice documents) also suggest how to do it properly, i. e. open a system browser tab and use an URL handler listening on localhost for the redirect URL to receive the response. --> https://github.com/googlesamples/oauth-apps-for-windows

You can either stay in bad company (FB lol) and continue to teach bad practice or set a good example.
__________________
I am the beginning, the end, the one who is many.
Last edited by necropola : 03/27/18 at 07:21 AM.
Report comment to moderator  
Reply With Quote
Unread 03/26/18, 04:55 PM  
cyxui
AddOn Author - Click to view AddOns

Forum posts: 22
File comments: 207
Uploads: 1
Re: Re: Re: Oauth implementation issue

Originally Posted by necropola
Originally Posted by cyxui
Originally Posted by necropola
I just deleted SavedVariables because I logged into another ESO account (and I already know that this breaks the settings).

I'm now trying to recreate the settings from scratch and supply the same TTC account informatiion I used before, but the client not only asks for the account name (Login with Google) but also for a password which is VERY SUSPICIOUS.

I already have an authenticated chrome (default browser) session and I would expect the client to request an OAUTH/openid token (--> Asp.Net.ApplicationCookie) from that session and NOT to create a separate login session using some IE/HTML control and then ask for my google password. I cannot even see where this control connects too, whether the connection is encrypted, ...

They way "Login with Google" is currently implemented in the TTC client does not seem right and I would suggest to remove the feature until it's fixed. It just teaches bad/insecure habits, i. e. type in your (google) credentials into some random pop up window.

https://tools.ietf.org/html/draft-ie...native-apps-03
TTC's client uses embedded IE when you do login. And all of your login with FB/Google/MS stuffs are all handled by IE. TTC client will grab the tamrieltradecentre.com cookie from your IE cookie container and start from there. I don't even think Google even allow programmed access to OAuth with user name and password.
Hmm ... assuming that you have no browser running at the moment and never have authenticated to the TTC web site and/or to google (or rather cleared all cookies), does the client or rather the embedded IE ask for your google password or not?

This is how it looks after deleting all INetCookies: https://imgur.com/a/EZVem

Your (Native) App (or rather the embedded IE) should NEVER ask for the password. You should use/open the system/default browser instead. Please read the IETF Draft I have linked (section 8.1) or the corresponding 8.12 section from the updated version: https://tools.ietf.org/html/rfc8252#section-8.12

Code:
8.12.  Embedded User-Agents
[...]
Encouraging users to enter credentials in an embedded user-agent
without the usual address bar and visible certificate validation
features that browsers have makes it impossible for the user to know
if they are signing in to the legitimate site; even when they are, it
trains them that it's OK to enter credentials without validating the
site first.
ietf is just a recommendation on what would be ideal. But until we got OS support for such thing it is not that easy to achieve. Mobile OS already supports this so all the recommendations for mobile app are to use the SDK.

But for desktop app. Meh, you will have to hope this becomes a standard one day and MS would add that to windows.

I will just quote some recommendations:

FB:

"To use Facebook Login in a desktop app, you'll need to be able to embed a web browser (sometimes called a webview) within the app to perform the login process."

https://developers.facebook.com/docs...d-a-login-flow

Twitter:
Mobile and desktop apps should open a new browser window or direct to the URL via an embedded web view.

https://dev.twitter.com/web/sign-in/implementing


All the games that supports OAuth that I know does it this way.
MS, FB apps does it this way.

Default browser has NO standard event to notify desktop app about redirection nor does it have standard way to read cookies from.
Adding a system hook or Url hook would require Admin privilege which grants way more privilege than what that embedded browser can do. And it makes Anti-virus even more zealous about the client.
Report comment to moderator  
Reply With Quote
Unread 03/26/18, 03:29 AM  
necropola
 
necropola's Avatar

Forum posts: 0
File comments: 28
Uploads: 0
Re: Re: Oauth implementation issue

Originally Posted by cyxui
Originally Posted by necropola
I just deleted SavedVariables because I logged into another ESO account (and I already know that this breaks the settings).

I'm now trying to recreate the settings from scratch and supply the same TTC account informatiion I used before, but the client not only asks for the account name (Login with Google) but also for a password which is VERY SUSPICIOUS.

I already have an authenticated chrome (default browser) session and I would expect the client to request an OAUTH/openid token (--> Asp.Net.ApplicationCookie) from that session and NOT to create a separate login session using some IE/HTML control and then ask for my google password. I cannot even see where this control connects too, whether the connection is encrypted, ...

They way "Login with Google" is currently implemented in the TTC client does not seem right and I would suggest to remove the feature until it's fixed. It just teaches bad/insecure habits, i. e. type in your (google) credentials into some random pop up window.

https://tools.ietf.org/html/draft-ie...native-apps-03
TTC's client uses embedded IE when you do login. And all of your login with FB/Google/MS stuffs are all handled by IE. TTC client will grab the tamrieltradecentre.com cookie from your IE cookie container and start from there. I don't even think Google even allow programmed access to OAuth with user name and password.
Hmm ... assuming that you have no browser running at the moment and never have authenticated to the TTC web site and/or to google (or rather cleared all cookies), does the client or rather the embedded IE ask for your google password or not?

This is how it looks after deleting all INetCookies: https://imgur.com/a/EZVem

Your (Native) App (or rather the embedded IE) should NEVER ask for the password. You should use/open the system/default browser instead. Please read the IETF Draft I have linked (section 8.1) or the corresponding 8.12 section from the updated version: https://tools.ietf.org/html/rfc8252#section-8.12

Code:
8.12.  Embedded User-Agents
[...]
Encouraging users to enter credentials in an embedded user-agent
without the usual address bar and visible certificate validation
features that browsers have makes it impossible for the user to know
if they are signing in to the legitimate site; even when they are, it
trains them that it's OK to enter credentials without validating the
site first.
__________________
I am the beginning, the end, the one who is many.
Last edited by necropola : 03/26/18 at 06:48 AM.
Report comment to moderator  
Reply With Quote
Unread 03/25/18, 09:57 PM  
cyxui
AddOn Author - Click to view AddOns

Forum posts: 22
File comments: 207
Uploads: 1
Re: Oauth implementation issue

Originally Posted by necropola
I just deleted SavedVariables because I logged into another ESO account (and I already know that this breaks the settings).

I'm now trying to recreate the settings from scratch and supply the same TTC account informatiion I used before, but the client not only asks for the account name (Login with Google) but also for a password which is VERY SUSPICIOUS.

I already have an authenticated chrome (default browser) session and I would expect the client to request an OAUTH/openid token (--> Asp.Net.ApplicationCookie) from that session and NOT to create a separate login session using some IE/HTML control and then ask for my google password. I cannot even see where this control connects too, whether the connection is encrypted, ...

They way "Login with Google" is currently implemented in the TTC client does not seem right and I would suggest to remove the feature until it's fixed. It just teaches bad/insecure habits, i. e. type in your (google) credentials into some random pop up window.

https://tools.ietf.org/html/draft-ie...native-apps-03
TTC's client uses embedded IE when you do login. And all of your login with FB/Google/MS stuffs are all handled by IE. TTC client will grab the tamrieltradecentre.com cookie from your IE cookie container and start from there. I don't even think Google even allow programmed access to OAuth with user name and password.
Report comment to moderator  
Reply With Quote
Unread 03/24/18, 10:41 AM  
necropola
 
necropola's Avatar

Forum posts: 0
File comments: 28
Uploads: 0
Oauth implementation issue

I just deleted SavedVariables because I logged into another ESO account (and I already know that this breaks the settings).

I'm now trying to recreate the settings from scratch and supply the same TTC account informatiion I used before, but the client not only asks for the account name (Login with Google) but also for a password which is VERY SUSPICIOUS.

I already have an authenticated chrome (default browser) session and I would expect the client to request an OAUTH/openid token (--> Asp.Net.ApplicationCookie) from that session and NOT to create a separate login session using some IE/HTML control and then ask for my google password. I cannot even see where this control connects too, whether the connection is encrypted, ...

They way "Login with Google" is currently implemented in the TTC client does not seem right and I would suggest to remove the feature until it's fixed. It just teaches bad/insecure habits, i. e. type in your (google) credentials into some random pop up window.

https://tools.ietf.org/html/draft-ie...native-apps-03
__________________
I am the beginning, the end, the one who is many.
Last edited by necropola : 03/25/18 at 07:16 PM.
Report comment to moderator  
Reply With Quote
Unread 03/17/18, 01:05 PM  
cyxui
AddOn Author - Click to view AddOns

Forum posts: 22
File comments: 207
Uploads: 1
Originally Posted by Marazota
the site laggin last days or its only me?
try clear your DNS cache. Some people reported this could be the problem.
Report comment to moderator  
Reply With Quote
Unread 03/13/18, 08:06 AM  
Marazota

Forum posts: 35
File comments: 326
Uploads: 0
the site laggin last days or its only me?
Report comment to moderator  
Reply With Quote
Post A Reply



Category Jump: