Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

why is this whole thing only working with client-id 0000000048093EE3 ??

See original GitHub issue

hi there, i cannot remember how long i am trying to make oauth working with my own app/clientid. i always get to the point where i get the access and refresh token, but then…

but instead of using the login url of this package:

https://login.live.com/oauth20_authorize.srf?display=touch&scope=service%3A%3Auser.auth.xboxlive.com%3A%3AMBI_SSL&redirect_uri=https%3A%2F%2Flogin.live.com%2Foauth20_desktop.srf&locale=en&response_type=token&client_id=0000000048093EE3

i always used this url:

https://login.live.com/oauth20_authorize.srf?client_id=000000004C2353AB&response_type=token&scope=Xboxlive.signin+Xboxlive.offline_access&redirect_uri=https://github.com/michabbb

with that code i do my

https://user.auth.xboxlive.com/user/authenticate

{
  "RelyingParty": "http://auth.xboxlive.com",
  "TokenType": "JWT",
  "Properties": {
    "AuthMethod": "RPS",
    "SiteName": "user.auth.xboxlive.com",
    "RpsTicket": "<accesstoken>"
  }
}

and there i always get a 400 Bad Request error.

i don’t understand the setup behind the working client-id 0000000048093EE3 and my own app.

if someone could help me here, that would be awesome, because this bothers me since years now and nobody was able or willing to help, as this seems to be the holy grail when it comes to working with the xbox live api.

🙏 🙏

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Comments:17 (6 by maintainers)

github_iconTop GitHub Comments

1reaction
tuxusercommented, Aug 9, 2018

For this type of authentication, scope ‘Xboxlive.signin Xboxlive.offline_access’, a whitelisted client ID / webapp is required. You have to register for ID@Xbox program to make use of it.

0reactions
JamesTheAwesomeDudecommented, Jan 12, 2021

Also, FWIW, some stripped-down PoC API-hitting code I’ve written does not require 0000000048093EE3 anywhere in it. So I’m wondering if it would be possible or desirable to factor it out of xbox.webapi.authentication.manager in the long run; given that users have got to roll our own Azure app anyway, this constant doesn’t save us from having to bring our own client_id as well.

(Just some thoughts; I’m not necessarily lobbying for this to be re-opened with non-negligible priority, given that having 0000000048093EE3 hard-coded seems to work as-is)

Read more comments on GitHub >

github_iconTop Results From Across the Web

No results found

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Authentication with special characters not working

Next page

Unable to compile `IAccount.cairo` due to re-definition of `__validate_declare__`