SteamKit icon indicating copy to clipboard operation
SteamKit copied to clipboard
verified publisher icon SteamRE

New Steam login flow

Open xPaw opened this issue 3 years ago • 1 comments

Making this issue for collecting observations.

Implementation in JS: https://github.com/DoctorMcKay/node-steamcommunity/pull/292

Even Steam client uses this flow, and it no longer uses login keys for remembering password, instead it uses new access_token field in the login message. There's also refresh_token, but I don't know how will the client decide when it needs to refresh the token.

Their tokens (and cookies) are JWT tokens, you can base64 decode it and see its expiration.

For web, the jwt token expires in a day, and when it does it will redirect to login.steampowered.com which has a separate JWT token cookie set (if remember password, it expires in 207 days).

When auth has confirmation_type 6, it will do a call to /jwt/checkdevice. When login. subdomain has steamMachineAuth cookie set, this will return true and it will avoid asking for an email code.

The protos: https://github.com/SteamDatabase/Protobufs/blob/master/steam/steammessages_auth.steamclient.proto

xPaw avatar Aug 28 '22 18:08 xPaw

You can use refresh_token or access_token to log in to steamcommunity I've implemented both methods here. https://github.com/fcastrocs/steam-web

fcastrocs avatar Sep 13 '22 17:09 fcastrocs

When can we expect new SteamKit version?

Adios22 avatar Mar 22 '23 19:03 Adios22

When can we expect new SteamKit version?

When it's ready.

psychonic avatar Mar 22 '23 20:03 psychonic