0

When authenticating with the xbox live api the following code returns 400.

For full context, here is the full source of the described method: https://github.com/MCServerScout/Discord-Bot/blob/d0c5f7acbb646a86ae2d5b49941ea26c8af67196/pyutils/minecraft.py#L274

async def get_token(clientID, redirect_uri, act_code):
    # get access token (this is fine)
    endpoint = "https://login.microsoftonline.com/consumers/oauth2/v2.0/token"
    async with aiohttp.ClientSession() as oauthSession:
        async with oauthSession.post(
                endpoint,
                data={
                    "client_id": clientID,
                    "scope": "XboxLive.signin",
                    "code": act_code,
                    "redirect_uri": redirect_uri,
                    "grant_type": "authorization_code",
                },
                headers={
                    "Content-Type": "application/x-www-form-urlencoded",
                },
        ) as res:
            # get the access token
            if res.status == 200:
                accessToken = (await res.json())["access_token"]
            else:
                logger.print("Failed to get access token")
                try:
                    error_j = await res.json()
                    logger.error(error_j["error"], error_j["error_description"])
                except KeyError:
                    logger.error(res.reason)
                return {"type": "error", "error": "Failed to get access token"}

    # verify account (this returns 400)
    url = "https://user.auth.xboxlive.com/user/authenticate"
    async with aiohttp.ClientSession() as xblSession:
        async with xblSession.post(
                url,
                data={  # can be either json dict or stringified dict (via dumps)
                    "Properties": {
                        "AuthMethod": "RPS",
                        "SiteName": "user.auth.xboxlive.com",
                        "RpsTicket": f"d={accessToken}",
                    },
                    "RelyingParty": "https://auth.xboxlive.com",
                    "TokenType": "JWT",
                },
                headers={
                    "Content-Type": "application/json",
                    "Accept": "application/json",
                },
        ) as res2:
            if res2.status == 200:
                xblToken = (await res2.json())["Token"]
                logger.print("Verified account: " + xblToken)
            else:
                logger.print("Failed to verify account")
                logger.error(res2.reason, res2.request_info)
                logger.error(await res2.text())
                return {"type": "error", "error": "Failed to verify account"}

I've recheck what I think is everything, the headers are correct, all of the provided info is correct.

The request is also following the following scheme: https://wiki.vg/Microsoft_Authentication_Scheme

Pilot1782
  • 13
  • 3

0 Answers0