thesadru / genshinstats

PLEASE USE GENSHIN.PY A python library that can get the stats of Genshin Impact players using Mihoyo's API. PLEASE USE GENSHIN.PY
https://thesadru.github.io/pdoc/genshinstats/
MIT License
268 stars 38 forks source link

Another way to authenticate? #3

Closed alwaysmda closed 3 years ago

alwaysmda commented 3 years ago

Hello again :D

I'm trying to use api info to create an Android application to show user's info. Unfortunately I cannot get the ltoken and ltuid cookies from device. Maybe it's because they are secured values.

There is a website https://genshin-wishes.com/ that uses the feedback link to authenticate and shows detailed gacha logs.

I wonder if we can use this method to access apis.

Thank you!

thesadru commented 3 years ago

There are actually two ways to authenticate for two different types of endpoints. The website you spoke of is for gacha logs while the cookie is for user stats, I go more into detail in the faq.

Regarding the cookies I actually just noticed their domain is actually .mihoyo.com, but they're still visible from hoyolabs. That means you can just send them to login from the official site instead.

image

alwaysmda commented 3 years ago

Thanks for answering.

I've already tried the official website but I cannot access cookies through Android webview. I've noticed that also Firefox doesn't show those cookies. Maybe it's a restriction from mihoyo.

thesadru commented 3 years ago

I doubt you can just "restrict" cookies. Maybe it's just that you only have the old version of cookies, which would be account_id and cookie_token.

Could you send which cookies you do see? I could try to see what's going on.

alwaysmda commented 3 years ago

These are what I get using Firefox:

Screen Shot 2021-04-26 at 10 41 45 AM

And this is what I get using Chrome:

Screen Shot 2021-04-26 at 10 43 13 AM

And this is what I get using Android browser:

what I get from https://account.mihoyo.com/#/login:

G_ENABLED_IDPS=google; mi18nLang=en-us; _MHYUUID=00e77fab-0713-4b14-911c-9e153ed0172f; login_ticket=iNX16mYLlGiUGcmflkENcgzYcXysCsa3o0Lun5EJ

what I get from https://www.hoyolab.com/genshin/:

_gat=1; _ga=GA1.2.2099647256.1619417662; _gid=GA1.2.586922744.1619417662; mi18nLang=en-us; _MHYUUID=0dd2e45d-d055-4316-91bf-eb51844f8f21; login_ticket=tCCGPcQvILvS7WRjoDLh7YcVwulGg6e0T4hhAro7; account_id=133324740; cookie_token=GO76cLjbyOVNiosGAnyfSxFQBc4sq0vAqRQxY7tt

While I can use the last one with cookie_token and account_id to access apis now, but as you updated the repository, I was trying to get ltoken and ltuid but I wasn't successful.

thesadru commented 3 years ago

I installed Firefox to look into this and yeah, it seems like the cookies are only for api-os-takumi.mihoyo.com. I have no idea how or why are firefox and chrome giving different results. For some reason, I can see the results fine mihoyo's website, but not from the account login. After a bit of messing around, I somehow managed to get the ltoken from... somewhere.

For the time being, you can use the cookie_token and account_id, as they seem to just be some sort of backwards compatibility thing. My API still works with those but I'll try to update the readme so people can know you can use both.

You can also use https://webapi-os.account.mihoyo.com/Api/cookie_accountinfo_by_loginticket?login_ticket=<LOGIN_TICKET> to get the cookie_token and account_id from a login ticket.

alwaysmda commented 3 years ago

Although I cannot get the ltoken and ltuid, but the new api to get old cookie data using login_ticket is very good!! I hope they don't remove cookie_token and account_id anytime soon :D

Please let me know if you found any other ways to get new cookies.