CTFtime
Configure CTFtime OAuth authentication and leaderboard export.
The CTFtime integration lets teams register or log in with CTFtime and exports the final standings in CTFtime’s format.
Setup
-
Create a CTF
You will receive a client ID (numeric) and a client secret.
Set the callback URL to
https://your-ctf-domain.com/integrations/ctftime/callback. -
Configure rCTF
rctf.d/ctftime.yaml ctftime:clientId: '12345'clientSecret: your-client-secretOr via environment variables:
Variable Description RCTF_CTFTIME_CLIENT_IDCTFtime OAuth client ID (numeric string) RCTF_CTFTIME_CLIENT_SECRETCTFtime OAuth client secret
Authentication flow
- The user clicks “Login with CTFtime” on the frontend
- The browser redirects to CTFtime’s OAuth authorization page
- After approval, CTFtime redirects back with an authorization code
- The frontend sends the code to the rCTF API
- The API exchanges the code for a CTFtime access token and creates an rCTF CTFtime auth token
Registration with CTFtime
A CTFtime registration includes the team name and CTFtime token. It does not require email verification.
Login with CTFtime
For later logins, rCTF matches the CTFtime ID to the existing team and returns an rCTF auth token.
Division ACL behavior
Note
CTFtime authentication bypasses division ACLs because it does not provide the email address those rules need. CTFtime users can therefore select any division.
Leaderboard export
After the event, a user with leaderboardRead permission can export the standings as CTFtime JSON.
See After the CTF for the full scoreboard submission procedure.