Architecture · ops.tradeit.gg
How users authenticate with tradeit.gg — Steam OpenID login, OAuth2, and session management.
Last updated: 2026-04-14
sequenceDiagram
participant U as User Browser
participant FE as new-tradeit
participant LS as tradeit-login-server
participant Steam as Steam OpenID
participant Redis as Redis
participant API as tradeit-backend
participant DB as MySQL
U->>FE: Click "Login with Steam"
FE->>LS: Redirect to /auth/steam
Note over LS,Steam: Steam OpenID Flow
LS->>Steam: OpenID authentication request
Steam->>U: Steam login page
U->>Steam: Enter credentials
Steam->>LS: OpenID callback with Steam ID
Note over LS,Redis: Session Creation
LS->>LS: Validate redirect URL against domain whitelist
LS->>Redis: Create session (store Steam ID, profile)
LS->>FE: Redirect with session cookie
Note over FE,DB: Authenticated Requests
FE->>API: API request with session cookie
API->>Redis: Validate session
API->>DB: Load user data (oauth2_users)
API-->>FE: Authenticated response
passport-openid)login.ts| Strategy | Provider | Used For |
|---|---|---|
| Steam OpenID | Steam | Primary user login (tradeit-login-server) |
| Steam OAuth2 | Steam | OAuth2 flow (tradeit-oauth2-server) |
| FACEIT | FACEIT | Alternative login for esports users |
| GitHub | GitHub | Developer/admin access |
oauth2_users in MySQL (schema: steamtrade)ops.tradeit.gg — Internal Engineering Docs