what is clonk auth

clonk auth is the elite account system used by cyberspace to identify and authenticate. a clonk auth account grants access to a network of products and services to improve Your Life, Forever. notable amount these services is the redeems menu.

how do i get clonk auth

you can register via twitch here. this will give you a username and randomly-generated password. you cannot change this password - if you need to reset it, simply visit the registration link again to obtain a new password.

how do i send automated requests as my own user?

many people worldwide love spamming redeems and other functionality on the LCOLONQ stream broadcast. in the interest of promoting superior business synergy, YOU can now cause events to occur from the comfort and luxury of your private command terminal. you can obtain an authorization cookie by sending a POST request to https://auth.colonq.computer/api/firstfactor. the body of this request should be a JSON object with two fields: username and password. the response will include a cookie - send this cookie alongside subsequent requests to endpoints under https://secure.colonq.computer/api/

how do i send automated requests as somebody else? (o auth two style)

other people have expressed interest in building services that allow "log in with clonk". for example, you could have a little button on your website that users could click and log in with their clonk auth credentials, granting you a token that enables you to temporarily make requests on their behalf. if this is interesting to you, this is how you do it.

1. contact clonk (on discord or irc or wherever) and let him know you are interested in this. he will ask you for a client_id (a short identifying string for your application of your choosing) and a redirect_urL (a public URL that you control where users will be redirected to post-login, with their code in a query parameter)
2. in order to authenticate, you will have to follow something called the "OAuth2 Authorization Code Flow" with "Pushed Authorization Request". your OAuth2 client of choice may support this. if it does not, here is how to do it
3. first, make a POST request to https://auth.colonq.computer/api/oidc/pushed-authorization-request with the following form parameters:
   • response_type, with the value code
   • client_id, where the value is the client_id you gave clonk earlier
   • redirect_uri, where the value is the redirect_uri you gave clonk earlier
   • scope, with the value authelia.bearer.authz
   • audience, with the value https://secure.colonq.computer
   • state, where the value is a random string at least 8 characters long
   • code_challenge_method, with the value S256
   • code_challenge, where the value is slightly complicated. you should randomly generate a string that is at least 43 characters long. then hash that string with SHA256. take the resulting bytes (NOT the ascii representation of those bytes) and encode them with "base64url". what this means basically is base64 encode them, replace all of the / with _ and all of the + with - and remove all of the = at the end. remember the random string you hashed.
   this POST request will return a JSON object with a field called request_uri

   here is an example curl command doing this stuff:

               curl 'https://auth.colonq.computer/api/oidc/pushed-authorization-request' \
               -F 'response_type=code' \
               -F 'client_id=testclient' \
               -F 'redirect_uri=http://127.0.0.1:39303/oauth2/callback' \
               -F 'scope=authelia.bearer.authz' \
               -F 'audience=https://secure.colonq.computer' \
               -F 'state=aaaaaaaa' \
               -F 'code_challenge_method=S256' \
               -F 'code_challenge=UnieNCO3K-64mEVqT0lmLkawy7lgeExe9LE5nTJ-fCc'
             

4. use the request_uri from the previous step to send a GET request to https://auth.colonq.computer/api/oidc/authorization?client_id=testclient&request_uri=THAT_REQUEST_URI_FROM_BEFORE this will return HTML containing a single a tag. redirect the user to the target of this link and they will be prompted to log in. after doing so, they will be redirected to your redirect_uri with a query parameter called code.
5. use the code from the previous step to make a POST request to https://auth.colonq.computer/api/oidc/token with the following query parameters:
   • client_id, where the value is the client_id you gave clonk earlier
   • redirect_uri, where the value is the redirect_uri you gave clonk earlier
   • grant_type, with the value authorization_code
   • code, where the value is the code you got from the previous step
   • code_verifier, where the value is the string you hashed/base64url-ed to make the code_challenge string earlier
   this POST request will return a JSON object with a field called access_token you can use this access token to make authorized requests!

   here is an example curl command doing this stuff:

               curl 'https://auth.colonq.computer/api/oidc/token' \
               -F 'client_id=testclient' \
               -F 'redirect_uri=http://127.0.0.1:39303/oauth2/callback' \
               -F 'grant_type=authorization_code' \
               -F 'code=authelia_ac_Um67zgb74fEZTsG61noNeTxhUEzbPg3FW05s6AmdZyk.T6xHBDRoLOgrMXuPln9qZvLcuNKTeJIoUBdltoUQIno' \
               -F 'code_verifier=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
             

6. now you can use your access_token to make requests to the secure API! use it like this:

             curl -H 'Proxy-Authorization: Bearer authelia_at_KwlCTQSKSbQO80wnK0p7XH4I3vJVWmXysCme27abWnA.qtVTTktNNHxR0jZXLMxWt4IOZqzd1bCc-OameqdILVs' https://secure.colonq.computer/api/status
           

7. have fun!