DoctorMcKay / node-steam-session

Node.js module for authenticating with the Steam auth server. Allows for generating refresh tokens and web auth cookies for use with steam-user and other packages.
https://www.npmjs.com/package/steam-session
MIT License

getWebCookies() cancel refreshToken #22

Closed Sadzurami closed 1 year ago

Sadzurami commented 1 year ago

Describe the bug

Sometimes calling getWebCookies() causes an "AccessDenied" error and the refreshToken is canceled immediately after that.

"Canceled token" means that use of this token causes an "AccessDenied" error for the token platform and for getWebCookies(). For example, if I create a refreshToken for EAuthTokenPlatformType.SteamClient and then try to collect the cookies and get an error, then if I use the refreshToken in node-steam-user I get the same "AccessDenied" error.

This behavior happens about 40% of the time for different accounts (not for the same account). Some accounts are comfortable using getWebCookies() anytime, some accounts lose their refreshToken.

Note: refresh tokens are not expired yet (checked via jwt.io) and were created for EAuthTokenPlatformType.SteamClient.

I tried to use a proxy, but the problem persists.

Versions

steam-session: 1.2.3
node: v18.16.0

Code

import { EAuthTokenPlatformType, LoginSession } from 'steam-session';

const getCookies = async (refreshToken: string) => {
    // Declared outside try so the finally block can clean up; it is still
    // undefined if the constructor throws.
    let loginSession: LoginSession | undefined;
    try {
        loginSession = new LoginSession(EAuthTokenPlatformType.WebBrowser);
        loginSession.loginTimeout = 10000;
        loginSession.refreshToken = refreshToken;

        const cookies = await loginSession.getWebCookies();

        return cookies;
    } catch (error) {
        throw new Error('Failed to get cookies');
    } finally {
        loginSession?.cancelLoginAttempt();
    }
};

Screenshots and Error Logs

Error: AccessDenied
    at eresultError (/Users/user/Progects/project/node_modules/steam-session/src/helpers.ts:16:12)
    at LoginSession.getWebCookies (/Users/user/Progects/project/node_modules/steam-session/src/LoginSession.ts:525:22)
    at processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async getCookiesForSession (/Users/user/Progects/project/src/main.ts:51:19)
    at async promise.retries (/Users/user/Progects/project/src/main.ts:147:21)
    at async RetryOperation._fn (/Users/user/Progects/project/node_modules/p-retry/index.js:50:12) {
  eresult: 15
}

DoctorMcKay commented 1 year ago

I can't really speak toward why the Steam backend would invalidate a token. Maybe they invalidate if your IP changes or something.

It's also possible that calling getWebCookies() with a SteamClient platform token will cause problems like this. The official client doesn't get cookies this way.

Sadzurami commented 1 year ago

> I can't really speak toward why the Steam backend would invalidate a token. Maybe they invalidate if your IP changes or something.
>
> It's also possible that calling getWebCookies() with a SteamClient platform token will cause problems like this. The official client doesn't get cookies this way.

This behavior seems to happen when we use EAuthTokenPlatformType.SteamClient tokens. I tested the same code with EAuthTokenPlatformType.MobileApp and EAuthTokenPlatformType.WebBrowser and didn't see errors like AccessDenied.

As a temporary workaround, we should create another refresh token to interact with the web.

DoctorMcKay commented 1 year ago

> As a temporary workaround, we should create another refresh token to interact with the web.

That would work. You could also use steam-user's webSession event.
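
Added example, not part of the original thread and not steam-session's own code: a local pre-flight check that reads a refresh token's claims (what the reporter did by hand on jwt.io) and flags the platform mismatch discussed above before the token is handed to getWebCookies(). The `aud` values and all function names are assumptions for illustration; a server-side revocation cannot be detected this way.

```typescript
// Added example: local sanity check of a Steam refresh token before reuse.
// Assumption (not stated in the thread): the token is a JWT whose `aud` claim
// names the platform it was issued for ('client', 'web' or 'mobile').
// The signature is NOT verified; this only reads the claims.
type Platform = 'SteamClient' | 'WebBrowser' | 'MobileApp';

const PLATFORM_AUDIENCE: Record<Platform, string> = {
    SteamClient: 'client',
    WebBrowser: 'web',
    MobileApp: 'mobile',
};

interface TokenCheck { ok: boolean; reason: 'ok' | 'malformed' | 'expired' | 'platform-mismatch'; }

function decodeJwtPayload(token: string): Record<string, unknown> {
    const parts = token.split('.');
    if (parts.length !== 3) throw new Error('not a JWT');
    const payload: unknown = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
    if (typeof payload !== 'object' || payload === null) throw new Error('payload is not an object');
    return payload as Record<string, unknown>;
}

function checkRefreshToken(token: string, platform: Platform, nowSec: number = Math.floor(Date.now() / 1000)): TokenCheck {
    let payload: Record<string, unknown>;
    try {
        payload = decodeJwtPayload(token);
    } catch {
        return { ok: false, reason: 'malformed' };
    }
    // A missing or non-numeric `exp` is treated as already expired.
    const exp = typeof payload.exp === 'number' ? payload.exp : 0;
    if (exp <= nowSec) return { ok: false, reason: 'expired' };
    const aud: unknown[] = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
    if (!aud.includes(PLATFORM_AUDIENCE[platform])) {
        return { ok: false, reason: 'platform-mismatch' };
    }
    return { ok: true, reason: 'ok' };
}

// Constructed sample token (unsigned, fake claims) so the check runs offline.
function makeSampleToken(claims: object): string {
    const enc = (o: object) => Buffer.from(JSON.stringify(o)).toString('base64url');
    return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(claims)}.sig`;
}
```

Calling `checkRefreshToken(token, 'WebBrowser')` before building the web `LoginSession` turns the mismatch into a local refusal instead of a request to the auth server.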