@xboxreplay/xboxlive-auth - Upcoming 4.0.0 release
See original GitHub issueHey there, first of all, thanks for using @xboxreplay/xboxlive-auth
library.
In the upcoming days, a new major version will be released which includes a few of breaking changes and new features / workarounds such as “deviceToken” generation, “Child” / “Teen” account detections, Electron usage, etc.
Please refer to the available documentation right here: https://github.com/XboxReplay/xboxlive-auth/tree/4.0.0/docs
Thank you!
Update: The 4.0.0-beta.0
is available on npm - https://www.npmjs.com/package/@xboxreplay/xboxlive-auth/v/4.0.0-beta.0
Issue Analytics
- State:
- Created 3 years ago
- Comments:5 (3 by maintainers)
Top Results From Across the Web
Xbox Insider Release Notes - Xbox App for Windows ...
Gaming Services version released: 4.66.3001.0; Available: 3:00 a.m. PT – July 7th, 2022. New Features and Experiences. We have exciting news!
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Yes, right now in #806 we have msa device code based authentication. The server sends us a code, url, and a message for the user. We send that message back to the user to have them follow the instructions sent by the server, then the ms auth library (msal) constantly polls to check the status of the authentication. If it’s successful, the promise resolves and we continue with the auth flow onto the Xbox step with your library to get the final XSTS data, onto the Minecraft step. We store the tokens so this step doesn’t have to be repeated. Sending username and password works some of the time without user interaction, but not all the time, and would be a maintenance chore every time Microsoft changes something with their auth page and it’s hard to debug other people’s issues if we can’t reproduce. So we need to have an alternative.
Regarding adding the new auth flow in your library:
As this is also a library, usually used in headless environments, there’s a lot of different environments we have to account for. Bundling electron is not a good idea for the library, it would add 100 MB+ to the package size and would only work if the users are in a GUI environment.
So for the library side to support the auth_code flow, we’d need to start a server, or delegate the auth step to the user. We do have a example using the library in an electron app, this is where I think the authorization_code flow would be helpful: we can get the live url the user needs to go to, send it to the user in a callback, user code starts up a electron window with the login page and sends the the relevant data back like in your example so we can continue the auth flow. (Currently with device_code auth we just alert the user the code and wait for them deal with it.)
It’s a bit complicated to explain, but it comes down to:
I’ll look at updating the #806 PR to use 4.0 soon, but can you answer the questions in my comment above ? Thanks
Remote / cloud servers constraints
Those constraints are difficult to bypass. Perhaps there’s a possible workaround where the user do not set its credentials (email / password) but the returned live tokens instead. As 2FA can be an issue during the initial authentication, maybe you should use an Electron application (see example) for this part.