Closed alwaysmda closed 3 years ago
thesadru
commented
3 years ago There are actually two ways to authenticate for two different types of endpoints. The website you spoke of is for gacha logs while the cookie is for user stats, I go more into detail in the faq.
Regarding the cookies I actually just noticed their domain is actually .mihoyo.com, but they're still visible from hoyolabs.
That means you can just send them to login from the official site instead.
alwaysmda
commented
3 years ago Thanks for answering.
I've already tried the official website but I cannot access cookies through Android webview. I've noticed that also Firefox doesn't show those cookies. Maybe it's a restriction from mihoyo.
thesadru
commented
3 years ago I doubt you can just "restrict" cookies. Maybe it's just that you only have the old version of cookies, which would be account_id and cookie_token.
Could you send which cookies you do see? I could try to see what's going on.
alwaysmda
commented
3 years ago These are what I get using Firefox:
And this is what I get using Chrome:
And this is what I get using Android browser:
what I get from https://account.mihoyo.com/#/login:
G_ENABLED_IDPS=google; mi18nLang=en-us; _MHYUUID=00e77fab-0713-4b14-911c-9e153ed0172f; login_ticket=iNX16mYLlGiUGcmflkENcgzYcXysCsa3o0Lun5EJwhat I get from https://www.hoyolab.com/genshin/:
_gat=1; _ga=GA1.2.2099647256.1619417662; _gid=GA1.2.586922744.1619417662; mi18nLang=en-us; _MHYUUID=0dd2e45d-d055-4316-91bf-eb51844f8f21; login_ticket=tCCGPcQvILvS7WRjoDLh7YcVwulGg6e0T4hhAro7; account_id=133324740; cookie_token=GO76cLjbyOVNiosGAnyfSxFQBc4sq0vAqRQxY7ttWhile I can use the last one with cookie_token and account_id to access apis now, but as you updated the repository, I was trying to get ltoken and ltuid but I wasn't successful.
thesadru
commented
3 years ago I installed Firefox to look into this and yeah, it seems like the cookies are only for api-os-takumi.mihoyo.com. I have no idea how or why are firefox and chrome giving different results. For some reason, I can see the results fine mihoyo's website, but not from the account login.
After a bit of messing around, I somehow managed to get the ltoken from... somewhere.
For the time being, you can use the cookie_token and account_id, as they seem to just be some sort of backwards compatibility thing. My API still works with those but I'll try to update the readme so people can know you can use both.
You can also use https://webapi-os.account.mihoyo.com/Api/cookie_accountinfo_by_loginticket?login_ticket=<LOGIN_TICKET> to get the cookie_token and account_id from a login ticket.
alwaysmda
commented
3 years ago Although I cannot get the ltoken and ltuid, but the new api to get old cookie data using login_ticket is very good!!
I hope they don't remove cookie_token and account_id anytime soon :D
Please let me know if you found any other ways to get new cookies.
Hello again :D
I'm trying to use api info to create an Android application to show user's info. Unfortunately I cannot get the
ltokenandltuidcookies from device. Maybe it's because they are secured values.There is a website
https://genshin-wishes.com/that uses the feedback link to authenticate and shows detailed gacha logs.I wonder if we can use this method to access apis.
Thank you!