search

bukson / steampy

A Steam trading library for python 3
MIT License
562 stars 153 forks source link

This is a question or suggestion about cookies #308

Open steamAuto8988 opened 11 months ago

steamAuto8988 commented 11 months ago

The explanation I found for cookies in the steamkit project is as follows sessionid-> Can be generated locally steamLoginSecure -> steam +'%7C%7C' + access_token

When web login,we get it refresh_token,refresh_token valid for 1 year。 we get access_token by refresh_token. access_token vaild for 1 day. Can we change the LoginExecutor.set_sessionid_cookies method for setting cookies? I'm sorry, I'm new to python and there are a lot of things that could be affected by my changes, so bring up this' problem 'or' suggestion 'in the issue?

example generateSessionID

def _random_hex_number():
    buffer = secrets.token_bytes(16)
    hexStr = ''
    for e in buffer:
        hexStr += hex(e)
    return hexStr

def _generateSessionID():
    return _random_hex_number()

example refresh accessToken 

    def _refreshSession(self):
        data = {
            "refresh_token": self.refreshToken,
            "steamid": self.steamId
        }

        try:
            resp = requests.post(url='https://api.steampowered.com/IAuthenticationService/GenerateAccessTokenForApp/v1/', data=data, headers={'Referer': 'https://steamcommunity.com'},
                                 proxies=ProxyConfig.__dict__())
            if resp.status_code == 200 and resp.text is not None:
                body = resp.json()
                self.accessToken = body['response']['access_token']
        except ProxyError as e:

            return
borisenko09 commented 11 months ago

I confirm that after 1 day the session ceases to be active and the repeated login method does not allow the account to become online, only a complete restart helps

steamAuto8988 commented 11 months ago

I confirm that after 1 day the session ceases to be active and the repeated login method does not allow the account to become online, only a complete restart helps Maybe you can try updating steamLoginSecure by refreshing access_token, I'm sure steamLoginSecure is available to do so. In the my github,I have a project that uses this。

borisenko09 commented 11 months ago

I tried to logout when is_session_alive responds that the session has ended and login again, but it didn’t help, probably you really need to add the _refreshSession function so that you can stay online for more than 1 day

sattarov1960 commented 11 months ago

why is this needed? def _random_hex_number(): buffer = secrets.token_bytes(16) hexStr = '' for e in buffer: hexStr += hex(e) return hexStr

def _generateSessionID(): return _random_hex_number()

UPD. Can I just request an access token refresh? data = { "refresh_token": self.refreshToken, "steamid": self.steamId }

    try:
        resp = requests.post(url='https://api.steampowered.com/IAuthenticationService/GenerateAccessTokenForApp/v1/', data=data, headers={'Referer': 'https://steamcommunity.com'},
                             proxies=ProxyConfig.__dict__())

UPD2 Where can I get a refresh token?

wolfovik commented 11 months ago

why is this needed? def _random_hex_number(): buffer = secrets.token_bytes(16) hexStr = '' for e in buffer: hexStr += hex(e) return hexStr

def _generateSessionID(): return _random_hex_number()

UPD. Can I just request an access token refresh? data = { "refresh_token": self.refreshToken, "steamid": self.steamId }

    try:
        resp = requests.post(url='https://api.steampowered.com/IAuthenticationService/GenerateAccessTokenForApp/v1/', data=data, headers={'Referer': 'https://steamcommunity.com'},
                             proxies=ProxyConfig.__dict__())

UPD2 Where can I get a refresh token?

ligin.py

def _pool_sessions_steam(self, client_id, request_id):
        pool_data = {
            'client_id': client_id,
            'request_id': request_id
        }
        response = self._api_call('POST', 'IAuthenticationService', 'PollAuthSessionStatus', params = pool_data)
        self.refresh_token = response.json()["response"]["refresh_token"]
SamuelKollar commented 10 months ago

Is there a tested solution for making the session last longer than a day ? If so, can anyone provide me a sample of their code ? I have been trying to make it work for some time now but cannot I seem to find a reliable solution.

steamAuto8988 commented 10 months ago

@SamuelKollar I can refresh the session with refresh_token generated by steamkit2, but the refresh_token in this project cannot refresh the session. If you need to refresh the session using the method I described, please use the refresh_token generated by steamkit2

steamAuto8988 commented 10 months ago

why is this needed? def _random_hex_number(): buffer = secrets.token_bytes(16) hexStr = '' for e in buffer: hexStr += hex(e) return hexStr def _generateSessionID(): return _random_hex_number() UPD. Can I just request an access token refresh? data = { "refresh_token": self.refreshToken, "steamid": self.steamId }

    try:
        resp = requests.post(url='https://api.steampowered.com/IAuthenticationService/GenerateAccessTokenForApp/v1/', data=data, headers={'Referer': 'https://steamcommunity.com'},
                             proxies=ProxyConfig.__dict__())

UPD2 Where can I get a refresh token?

ligin.py

def _pool_sessions_steam(self, client_id, request_id):
        pool_data = {
            'client_id': client_id,
            'request_id': request_id
        }
        response = self._api_call('POST', 'IAuthenticationService', 'PollAuthSessionStatus', params = pool_data)
        self.refresh_token = response.json()["response"]["refresh_token"]

sorry,I don't know why, refresh_token generated using steampy can't refresh access_token, the current issue may be misleading. However, the refresh_token I generated using steamkit2 can be used to refresh the access_token

steamAuto8988 commented 10 months ago

good,it's still me, if you have a refresh_token ,you want alive refresh a session with steam,invoke finalized_response = self._finalize_login() self._perform_redirects(finalized_response.json()) function in class LoginExecutor.

How todo test? LoginExecutor add function def refreshSession(self): finalized_response = self._finalize_login() self._perform_redirects(finalized_response.json()) loginExecutor = LoginExecutor() loginExecutor.refresh_token='your refresh_token' loginExecutor.refreshSession()

bukson commented 10 months ago

so we can do a function refresh_session that takes this refresh token and basically clalse finalzie login and performs redicrects?

Do I understand it correctly @steamAuto8988 ?

steamAuto8988 commented 10 months ago

so we can do a function refresh_session that takes this refresh token and basically clalse finalzie login and performs redicrects?

Do I understand it correctly @steamAuto8988 ?

right,Can you commit pr?I need this function.

bukson commented 10 months ago

I will try to add it by the end of the week

bukson commented 10 months ago

So how to obtain this refresh token, LoginExecutor does it in _pool_session_steam, or should it be done manually

def refreshSession(self): 
  finalized_response = self._finalize_login()
  self._perform_redirects(finalized_response.json()) 
  loginExecutor = LoginExecutor() 
  loginExecutor.refresh_token='your refresh_token' 
  loginExecutor.refreshSession()
steamAuto8988 commented 10 months ago

So how to obtain this refresh token, LoginExecutor does it in _pool_session_steam, or should it be done manually

def refreshSession(self): 
  finalized_response = self._finalize_login()
  self._perform_redirects(finalized_response.json()) 
  loginExecutor = LoginExecutor() 
  loginExecutor.refresh_token='your refresh_token' 
  loginExecutor.refreshSession()

nice. Thank you.

bukson commented 10 months ago

It was a question, loginExecutor does refresh token by finallize login and performing redicrects, so there is no need to provide it manually right?

steamAuto8988 commented 10 months ago

It was a question, loginExecutor does refresh token by finallize login and performing redicrects, so there is no need to provide it manually right?

Yes. But my suggestion is to provide it manually, persisting the refresh token after the login is complete. Without persistence, the developer would still need to invoke the login function after restarting the application, which I feel defeats the purpose of steam providing refresh tokens. What do you think

bukson commented 10 months ago

Still quite confused. So we need to save this first refresh token to client and the use it in subsequent calls? You are saying that developer would need to do something manually (provide token) but you dont want other manual work (calling function)?

steamAuto8988 commented 10 months ago

Still quite confused. So we need to save this first refresh token to client and the use it in subsequent calls? You are saying that developer would need to do something manually (provide token) but you dont want other manual work (calling function)?

Well, I'll try to submit a PR this week, but my code is of poor quality, so merge if you feel up to it. What do you think?

bukson commented 10 months ago

I can refactor the code but keep the logic so please provide what you can

SamuelKollar commented 10 months ago

Any new updates on this issue ?

1e0n-xx commented 10 months ago

if you use SDA to login in your acc, and you will get a maFile, the refresh token is inside.

MaxsonClackson commented 9 months ago

What facts did you draw conclusions about access_token? Did you find out about this empirically through the work of the Steam js code? I did not find any functions in the code for checking values and updating steamLoginSecure. I think that the "Remember Me" checkbox sets the long life of the session and this information is stored on Steam servers, despite the lifetime of the steamLoginSecure cookie for more than a year, both when the checkbox is turned on or off.

SamuelKollar commented 9 months ago

Okay, but the problem is that when the session drops and I try to relogin the bot it doesnt work.