Investigate potential enhancement of device confirmation

[JustArchi]

Checklist

• [X] I read and understood ASF's Contributing guidelines
• [X] I also read Setting-up and FAQ, I don't need help, this is an enhancement idea
• [X] My idea doesn't duplicate existing ASF functionality described on the wiki
• [X] I believe that my idea falls into ASF's scope and should be offered as part of ASF built-in functionality
• [X] My idea doesn't violate the Steam Subscriber Agreement
• [X] My idea doesn't violate the Steam Online Conduct
• [X] This is not ASF-ui suggestion

Enhancement purpose

New Steam login flow allows us to access the account by not only 2FA code, but also confirmation in Steam mobile app, which is without argument far more convenient for average user. Right now ASF doesn't use this method as the key goal was to restore previous functionality - now that we have out of the way, we can investigate and think how to improve on that part.

Solution

We have AcceptDeviceConfirmationAsync which according to the doc:

        /// <summary>
        /// This method is called when the account being logged has the Steam Mobile App and accepts authentication notification prompts.
        ///
        /// Return false if you want to fallback to entering a code instead.
        /// </summary>
        /// <returns>Return true to poll until the authentication is accepted, return false to fallback to entering a code.</returns>

The question is how exactly we want to integrate this flow into ASF. For now, I believe the best approach is:

Steam mobile app confirmation needed, type Y if you accepted the confirmation, N to input the code instead [Y/N]:

@MsFloofie Better English wording welcome. @Abrynos @Ryzhehvost feedback welcome.

Why currently available solutions are not sufficient?

Current flow works fine, but there is no reason not to support more user convenient option, the 2FA input code will still be here for everybody who doesn't want the usual flow. And for Headless setups, we'll default that prompt to N.

Can you help us with this enhancement idea?

Yes, I can code the solution myself and send a pull request

Additional info

No response

[MsFloofie]

For some reason, I was having a little bit of trouble understanding it all at first. Maybe if it was worded as this

Login confirmation required, enter Steam guard code or type Y for accepting inside the app.

Instead of asking which one to choose. I'm not 100% sure how this login process works for the mobile app, but would it be possible to repeatedly check if it's accepted or not?

[JustArchi]

We can't do it like that, as we don't know if SteamGuard or 2FA is required at the stage of accepting confirmation IIRC /cc @xPaw

[xPaw]

We do know that. That's why AcceptDeviceConfirmationAsync works, but I didn't really investigate a better design for it because asking for a code on cli blocks the thread.

As I said previously, the current design is minimum viable implementation. If you can figure out a better design, the SK stuff can be updated to support it.

[vadimlitvinenko87]

Every start asking confirmation of 2FA code it is not good.

[Abrynos]

I'd like to see a "preferred method" config option for bots.

ELoginFlow flow = bot.DefaultLoginFlow.HasValue ? bot.DefaultLoginFlow.Value : AskUser();
switch (flow) {
    case ELoginFlow.AppConfirmation:
        // TODO - request app confirmation
        // TODO - make sure the user can switch manually
    case ELoginFlow.Code:
        // TODO - ask user for code
        // TODO - make sure the user can switch manually
}

Furthermore we need to think about how this is incorporated into headless setups and IPC module.

And while the login flow is getting changed: How about the possibility for (custom) plugins to supply E-Mail codes in a standardised fashion?

[jondycz]

Since even the official steamcmd doesn't support this function, I kinda doubt it's worth the time and effort to add this into a community project like this.