webauth

This module simplifies the process of obtaining an authenticated session for steam websites. After authentication is completed, a requests.Session is created containing the auth cookies. The session can be used to access steamcommunity.com, store.steampowered.com, and help.steampowered.com.

Warning

A web session may expire randomly, or when you login from different IP address. Some pages will return status code 401 when that happens. Keep in mind if you are trying to write robust code.

Note

If you are using SteamClient take a look at SteamClient.get_web_session()

Note

If you need to authenticate as a mobile device for things like trading confirmations use MobileWebAuth instead. The login process is identical, and in addition you will get oauth_token.

Example usage:

import steam.webauth as wa

user = wa.WebAuth('username')

# At a console, cli_login can be used to easily perform all login steps
session = user.cli_login('password')
session.get('https://store.steampowered.com/account/history')

# Or the login steps be implemented for other situation like so
try:
    user.login('password')
except (wa.CaptchaRequired, wa.LoginIncorrect) as exp:
    if isinstance(exp, LoginIncorrect):
        # ask for new password
    else:
        password = self.password

    if isinstance(exp, wa.CaptchaRequired):
        print user.captcha_url
        # ask a human to solve captcha
    else:
        captcha = None

    user.login(password=password, captcha=captcha)
except wa.EmailCodeRequired:
    user.login(email_code='ZXC123')
except wa.TwoFactorCodeRequired:
    user.login(twofactor_code='ZXC123')

user.session.get('https://store.steampowered.com/account/history/')

steam.webauth.get_steam_api_url(steam_api_interface: str, steam_api_method: str, steam_api_version: int) → str

Get URL for Steam API requests.

class steam.webauth.WebAuth(username: str = '', password: str = '')

Bases: object

New WEB Auth class.

This class works with Steam API:

https://steamapi.xpaw.me/#IAuthenticationService

Currently, supports bsaic login/password auth with no 2FA, 2FA via steam guard code and 2FA via EMAIL confirmation.

TODO: Add QR code support.

TODO: Fully rework api handling. PUT api into separate class,

in order to make this class responsible only for actual auth.

IMPORTANT:

Actually, at real login page steam handles function little bit different. e.g. https://api.steampowered.com/IAuthenticationService/BeginAuthSessionViaCredentials/v1 can handle multipart/form-data; with something like.

{

input_protobuf_encoded: EgxhbmFjb25kYXJ0dXIa2AJodHgzZzlJaWY4dGE4RGxqR2VWbncwZWpxdi9uNDByRkZxaFduVk12VFFhRm1ZU1F4MHlrYUlJNmFURlVJWEQ5Z2VXMTlObWJDc3pydmNQZ1RTVllyOWl0SW5EWjgzMVh0YWtOaHJaUk9JN1lvMzhpb2xHRmdHdVBZT3NsekErTHZNZlJoQ3YzL1JFaEpNQlhjaXhzNklRRTZjbnM4d1JWbGI0TVA1Nzd0MHpGajRpcWF4U21KbnVjRDh5YzVIVkYvMERlMnFKd3dGTG0vR3B4SEdreFFlQURzZi9OTXJMTUszcWxnR3NLZm4ycGxNOGhkMzF3YnErSUlCZkNJb3dFZWExaUpJcmVjYkdLT0EvRlJ5VFpSQlVoVitLQmt6TGk3THY1UjVNYVRJSzNPTCtCMUZnZ2xWSG94c0ErTm5BMHVqSVZWZ0ZRdGpDL2tMTjd0SmhYamc9PSCA+aCT0ggoATgBQgVTdG9yZUqBAQp9TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExNi4wLjAuMCBTYWZhcmkvNTM3LjM2IE9QUi8xMDIuMC4wLjAQAlgI

} it’s protobuf encoded value. You can decode it here:

https://protobuf-decoder.netlify.app

some fields I can understand:

2. string - steamlogin

3. string - encrypted password

4. timestamp to map to a key - STime

5) some INT (probably it’s always 1) it’s DEPRECATED 7) whether we are requesting a persistent or an ephemeral session 8) (EMachineAuthWebDomain) identifier of client requesting auth.

e.g. “Store”

9. Protobuf of device type (see CAuthentication_DeviceDetails):

   9.1) string - User-Agent 9.2) Int - platform identifier e.g. 2 (means Web Browser)

   (See EAuthTokenPlatformType protobuf).

   9.3) os_type (MOSTLY NOT PRESENTED IN REAL REQUESTS) 9.4) gaming_device_type (MOSTLY NOT PRESENTED IN REAL REQUESTS)

11. UNDOCUMENTED AT ALL: Some number (like 8)

FIELD NUMBERS I SKIPPED MEANS THEY ARE NOT PRESENTED IN REAL REQUEST

We currently uses basic multipart/form-data and “key-value” data presentation. But I Think, it’s important to know, that real steam works differently, and maybe we can once upon a time simulate it’s REAL behavior.

send_api_request(steam_api_interface: str, steam_api_method: str, steam_api_version: int, data: Any)

Send request to Steam API via requests

login(username: str = '', password: str = '', code: str = None) → Session

Log in user by new Steam API

If user has no need 2FA, this function will just log in the user. If 2FA SteamGuard code needed, when user can provide it just with guard.SteamAuthenticator.get_code like it always was.

If Email code is required, when user can provide email_required. If email_required was provided, when this function only setup auth and return new function.

This function will receive email code. Once email code will be provided authentication process will be complete. If wrong code provided in this new function, when error will be raised. And new code will be waited.

logout_everywhere()

Log out on every device.

This function works just like button at https://store.steampowered.com/twofactor/manage and allows user to logout on every device. Can be VERY useful e.g. for users, who practice account rent.

cli_login(username: str = '', password: str = '', code: str = None) → Session

Generates CLI prompts to perform the entire login process

If you use email confirm, provide email_required = True, else just provide code.

class steam.webauth.MobileWebAuth(username: str = '', password: str = '')

Bases: WebAuth

Identical to WebAuth, except it authenticates as a mobile device.

oauth_token = None

holds oauth_token after successful login

oauth_login(oauth_token='', steam_id='', language='english')

Attempts a mobile authenticator login using an oauth token, which can be obtained from a previously logged-in MobileWebAuth

Parameters:

• oauth_token (str) – oauth token string, if it wasn’t provided on instance init

• steam_id (str or SteamID) – SteamID of the account to log into, if it wasn’t provided on instance init

• language (str) – select language for steam web pages (sets language cookie)

Returns:

a session on success and None otherwise

Return type:

requests.Session, None

Raises:

• HTTPError – any problem with http request, timeouts, 5xx, 4xx etc

• LoginIncorrect – Invalid token or SteamID

exception steam.webauth.WebAuthException

Bases: Exception

exception steam.webauth.AuthTypeNotSupported

Bases: WebAuthException

exception steam.webauth.TwoFactorAuthNotProvided

Bases: WebAuthException

exception steam.webauth.HTTPError

Bases: WebAuthException

exception steam.webauth.LoginIncorrect

Bases: WebAuthException

exception steam.webauth.CaptchaRequired

Bases: WebAuthException

exception steam.webauth.CaptchaRequiredLoginIncorrect

Bases: CaptchaRequired, LoginIncorrect

exception steam.webauth.EmailCodeRequired

Bases: WebAuthException

exception steam.webauth.TwoFactorCodeRequired

Bases: WebAuthException

exception steam.webauth.TooManyLoginFailures

Bases: WebAuthException