Steam uses OpenID 2.0 rather than OAuth 2.0. Magic handles the protocol difference for you — the SDK surface is the same as the other social providers.

Usage

Prerequisites

Steam Setup

After installing the OAuth extension, you can now enable Steam Login for your Magic app:
  1. Sign in at steamcommunity.com/dev/apikey and register a Steam Web API key
  2. Go to your Magic Dashboard
  3. Select the Magic app for which you’d like to enable Steam Login, or create a new app
  4. Navigate to Authentication > Social Login from the sidebar
  5. Click the toggle for Steam
  6. Input the Web API Key for your Steam app and save
  7. Go to Settings > Allowed Origins & Redirects and add the Redirect URI you are passing as the redirectURI argument to the redirect allowlist:
    JavaScript
    await magic.oauth2.loginWithRedirect({
      provider: 'steam',
      redirectURI: 'https://your-app.com/your/oauth/callback', // allowlist this in your Magic Dashboard
    });
    
  8. In Magic Dashboard, click Save
Steam does not require a per-app client registration on their side. The only configuration Steam needs is the Web API key. Redirect URI validation happens on Magic’s side via the app’s redirect allowlist.

Implementation

Trigger the login flow:
JavaScript
await magic.oauth2.loginWithRedirect({
  provider: 'steam',
  redirectURI: 'https://your-app.com/your/oauth/callback',
});
On the callback page, resolve the result the same way you would for any other OAuth provider:
JavaScript
const result = await magic.oauth2.getRedirectResult();
getRedirectResult automatically detects Steam’s OpenID 2.0 response parameters and routes them through the Steam verification flow — no separate method call is needed. The result interface:
interface OAuthRedirectResult {
  magic: {
    idToken: string;
    userMetadata: MagicUserMetadata;
  },
  oauth: {
    provider: 'steam';
    userHandle: string;
    userInfo: {
      steamId: string;
      personaName?: string;
      profileUrl?: string;
      avatarUrl?: string;
      realName?: string;
    };
  };
};
Profile fields beyond steamId (persona name, avatar, etc.) are fetched from Steam’s GetPlayerSummaries API. If Steam is unreachable or the Web API key is invalid, these fields will be null for first-time logins. For returning users, Magic preserves the last-known profile data.
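Because the profile fields can be missing on a first login, the callback handler should key the account on steamId and treat everything else as optional display data. The sketch below is an added example, not Magic's code: toSteamAccount and httpsOrNull are hypothetical helper names, the sample result is constructed, and the decimal-string check on steamId is an assumption.

```javascript
// Added example. toSteamAccount and httpsOrNull are hypothetical helper names.

// Keep only absolute https URLs; null, malformed or non-https values become null.
function httpsOrNull(value) {
  if (typeof value !== 'string') return null;
  try {
    const url = new URL(value);
    return url.protocol === 'https:' ? url.href : null;
  } catch {
    return null;
  }
}

// Turn an OAuthRedirectResult into the record the app stores for the user.
function toSteamAccount(result) {
  const oauth = result && result.oauth;
  if (!oauth || oauth.provider !== 'steam') {
    throw new Error('not a Steam login result');
  }
  const info = oauth.userInfo || {};
  // Assumption: steamId is a decimal string; reject anything else.
  if (typeof info.steamId !== 'string' || !/^\d+$/.test(info.steamId)) {
    throw new Error('missing or malformed steamId');
  }
  const persona = typeof info.personaName === 'string' ? info.personaName.trim() : '';
  return {
    steamId: info.steamId, // stable key; personaName is display text and can be absent
    displayName: persona || `Steam user ${info.steamId.slice(-4)}`,
    avatarUrl: httpsOrNull(info.avatarUrl),
    profileUrl: httpsOrNull(info.profileUrl),
    hasProfile: persona !== '',
  };
}

// Constructed sample (only the fields used here): first login, profile lookup failed.
const FIRST_LOGIN = {
  oauth: {
    provider: 'steam',
    userInfo: { steamId: '76561198000000000', personaName: null, avatarUrl: null },
  },
};

// On the callback page: toSteamAccount(await magic.oauth2.getRedirectResult())
console.log(toSteamAccount(FIRST_LOGIN));
```

displayName is still user-chosen text, so escape it when rendering.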