CTFtime
Configure CTFtime OAuth authentication and leaderboard export.
The CTFtime integration adds OAuth-based authentication and leaderboard export in CTFtime’s standard format.
Setup#
Go to your team page on CTFtime and register a new OAuth application. You will receive a client ID (numeric) and a client secret.
Set the callback URL to https://your-ctf-domain.com/integrations/ctftime/callback.
ctftime: clientId: '12345' clientSecret: your-client-secretOr via environment variables:
Authentication flow#
- The user clicks “Login with CTFtime” on the frontend
- The browser redirects to CTFtime’s OAuth authorization page
- After approval, CTFtime redirects back with an authorization code
- The frontend sends the code to the rCTF API
- The API exchanges the code for a CTFtime access token and creates an rCTF CTFtime auth token
Registration with CTFtime#
When a user registers with CTFtime, they provide a team name and the CTFtime token. No email verification is required.
Login with CTFtime#
Returning users provide their CTFtime auth token to log in. The API matches their CTFtime ID to an existing account and returns an rCTF auth token.
Division ACL behavior#
Note
When CTFtime authentication is configured, division ACLs are bypassed entirely. All divisions become available to CTFtime-authenticated users. This is because ACLs are email-based, and CTFtime authentication does not require an email address.
Leaderboard export#
After the CTF ends, you can export the leaderboard in CTFtime’s format for scoreboard submission.
The platform provides a leaderboard export in CTFtime’s JSON format, accessible to users with leaderboardRead permission.
See After the CTF for the full scoreboard submission procedure.