a basic example to implement "login with steam" on Node js without passport (url generation + validation)

app.js

import express from 'express'
import axios from 'axios'

const app = express()
// settings:
const steam_url = 'https://steamcommunity.com/openid/login'
const steam_api_key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' // don't share it 🙈
const service_url = 'http://localhost:83'
const login_path = '/login'
const login_cb_path = '/login_callback'

// login endpoint
app.get(login_path, function (req, res) {
  const params = new URLSearchParams({
    'openid.ns'         : 'http://specs.openid.net/auth/2.0',
    'openid.mode'       : 'checkid_setup',
    'openid.return_to'  : service_url + login_cb_path,
    'openid.realm'      : service_url,
    'openid.identity'   : 'http://specs.openid.net/auth/2.0/identifier_select',
    'openid.claimed_id' : 'http://specs.openid.net/auth/2.0/identifier_select'
  })
  // provide url or redirect the user: res.redirect(...)
  res.send('url to connect: ' + steam_url + '?' + params.toString())
})

// callback endpoint
app.get(login_cb_path, async function (req, res) {
  if (typeof req.query['openid.claimed_id'] === 'string') {
    // check signature:
    const params = new URLSearchParams(req.query)
    params.set('openid.mode', 'check_authentication')
    const { data } = await axios.get(steam_url + '?' + params.toString())

    if (data.indexOf('is_valid:true') > 0) {
      // get "user summary"
      const { data } = await axios.get('http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/' + 
        `?key=${steam_api_key}&steamids=${req.query['openid.claimed_id']}`)

      // do something with user data:
      console.log(data.response.players[0])
      res.send(data)
    } else {
      // Forbidden, the signature is note valid
      res.status(403).send('Not you')
    }
  }
})

app.listen(83, () => console.log(`listen http://localhost:83/`))