Jessecar96
commented
1 year ago Thank you for the PR but this method no longer works since Steam updated their app.
Closed Rudokhvist closed 1 year ago
Jessecar96
commented
1 year ago Thank you for the PR but this method no longer works since Steam updated their app.
dyc3
commented
1 year ago For anyone that's curious, the correct way to do this is to call RemoveAuthenticatorViaChallengeStart with generate_new_token = true, followed by RemoveAuthenticatorViaChallengeContinue on ITwoFactorService. All the parameters can be found in steam's protobuf files: https://github.com/SteamDatabase/Protobufs/blob/master/webui/service_twofactor.proto
Moder112
commented
1 year ago @dyc3 Did you get that to work? I tried adding it as a feature to steam-user, however sending the RemoveAuthenticatorViaChallengeStart protobuf resulted in a empty response, and no code being sent. As for the service api it calls for the "key" parameter, which elsewhere is the api key, but attempting to use it here just results in a 401 and the message to check the key, so I'm not sure if that's correct.
I'm honestly a bit stuck here and I'm interested in hearing how did you get it to work.
dyc3
commented
1 year ago The key parameter is actually not necessary, you have to send the access_token jwt that you get from logging in. This is how steamguard-cli does it: https://github.com/dyc3/steamguard-cli/blob/master/steamguard/src/transport/webapi.rs#L57
If you have any other questions, feel free to open a discussion on the steamguard-cli repo so we aren't spamming the people here with notifications.
Steam mobile app allows user to move authenticator to another device, as long as they still have valid phone number. From what I've heard (haven't tested myself), trade hold period is much lower this way comparing to removing authenticator and making new one, and also it's just convenient. So I decided SteamAuth (and SDA) need this feature. PR to SDA will follow.