$ npm install @xboxreplay/xboxlive-auth
@xboxreplay/xboxlive-auth
A light but advanced Xbox Live authentication module with OAuth2.0 and Electron support.
Warning
Due to security reasons (CORS for instance), this library has been designed to only run on a node.js environment.
Breaking Changes
A lot of breaking changes have been made since the latest 3.3.3 release. Please make sure to take a look and follow each step from the authenticate documentation.
Installation
$ npm install @xboxreplay/xboxlive-auth
Usage Example
import { authenticate } from '@xboxreplay/xboxlive-auth';
authenticate('name@domain.com', '*********')
.then(console.info)
.catch(console.error);
Sample Response
{
"xuid": "2584878536129841", // May be null based on the specified "RelyingParty"
"user_hash": "3218841136841218711",
"xsts_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"display_claims": { // May vary based on the specified "RelyingParty"
"gtg": "Zeny IC",
"xid": "2584878536129841",
"uhs": "3218841136841218711",
"agg": "Adult",
"usr": "234",
"utr": "190",
"prv": "185 186 187 188 191 192 ..."
},
"expires_on": "2021-04-13T05:43:32.6275675Z"
}
Documentation
- Basic authentication
- Use a custom Azure Application (OAuth2.0)
- Experimental methods, such as "deviceToken" generation
- What's a RelyingParty and how to use it
- Available methods in this library
- Known issues and possible workarounds
- How to deal with unauthorized "AgeGroup" authentication
Available Examples
How to interact with the Xbox Live API?
The best way to interact with the API is to use our @xboxreplay/xboxlive-auth module. That said, a cURL example is available below and can be replicated using axios or another HTTP client for node.js.
Example
$ curl 'https://profile.xboxlive.com/users/gt(Major%20Nelson)/profile/settings?settings=Gamerscore' \
-H 'Authorization: XBL3.0 x={userHash};{XSTSToken}' \
-H 'x-xbl-contract-version: 2'
What about 2FA (Two-factor authentication)?
Exposed authenticate and authenticateWithUserCredentials methods can not deal with 2FA but a workaround may be possible using the authenticateWithUserRefreshToken one. Please take a look at authenticate documentation. Additional improvements regarding this issue are not planned.
Known Issues
Please refer to the dedicated documention.
Licence
MIT
Current Tags
- 4.0.0-beta.5 ... beta (4 years ago)
- 4.0.0 ... latest (3 years ago)
28 Versions
- 4.0.0 ... 3 years ago
- 4.0.0-beta.5 ... 4 years ago
- 4.0.0-beta.4 ... 4 years ago
- 4.0.0-beta.3 ... 4 years ago
- 4.0.0-beta.2 ... 4 years ago
- 4.0.0-beta.1 ... 4 years ago
- 4.0.0-beta.0 ... 4 years ago
- 3.3.3 ... 4 years ago
- 3.3.1 ... 4 years ago
- 3.3.2 ... 4 years ago
- 3.3.0 ... 5 years ago
- 3.1.1 ... 5 years ago
- 3.0.2 ... 5 years ago
- 3.0.1 ... 5 years ago
- 2.2.0 ... 5 years ago
- 2.0.1 ... 5 years ago
- 2.0.0 ... 5 years ago
- 1.0.1 ... 5 years ago
- 1.0.0 ... 5 years ago
- 0.3.0 ... 6 years ago
- 0.2.2 ... 6 years ago
- 0.2.1 ... 6 years ago
- 0.2.0 ... 6 years ago
- 0.1.1 ... 6 years ago
- 0.1.0 ... 6 years ago
- 0.0.3 ... 6 years ago
- 0.0.2 ... 6 years ago
- 0.0.1 ... 6 years ago
zeny
- axios ^0.21.1
- @types/node ^14.14.20
- dotenv ^8.2.0
- rimraf ^3.0.2
- ts-node ^9.1.1
- typescript ^4.1.3