A light but advanced Xbox Live authentication module with OAuth2.0 and Electron support.
Due to security reasons (CORS for instance), this library has been designed to only run on a node.js environment.
A lot of breaking changes have been made since the latest 3.3.3 release. Please make sure to take a look and follow each step from the authenticate documentation.
$ npm install @xboxreplay/xboxlive-auth
import { authenticate } from '@xboxreplay/xboxlive-auth';
authenticate('name@domain.com', '*********')
.then(console.info)
.catch(console.error);
{
"xuid": "2584878536129841", // May be null based on the specified "RelyingParty"
"user_hash": "3218841136841218711",
"xsts_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"display_claims": { // May vary based on the specified "RelyingParty"
"gtg": "Zeny IC",
"xid": "2584878536129841",
"uhs": "3218841136841218711",
"agg": "Adult",
"usr": "234",
"utr": "190",
"prv": "185 186 187 188 191 192 ..."
},
"expires_on": "2021-04-13T05:43:32.6275675Z"
}
- Basic authentication
- Use a custom Azure Application (OAuth2.0)
- Experimental methods, such as "deviceToken" generation
- What's a RelyingParty and how to use it
- Available methods in this library
- Known issues and possible workarounds
- How to deal with unauthorized "AgeGroup" authentication
The best way to interact with the API is to use our @xboxreplay/xboxlive-auth module. That said, a cURL example is available below and can be replicated using axios
or another HTTP client for node.js.
$ curl 'https://profile.xboxlive.com/users/gt(Major%20Nelson)/profile/settings?settings=Gamerscore' \
-H 'Authorization: XBL3.0 x={userHash};{XSTSToken}' \
-H 'x-xbl-contract-version: 2'
Exposed authenticate
and authenticateWithUserCredentials
methods can not deal with 2FA but a workaround may be possible using the authenticateWithUserRefreshToken
one. Please take a look at authenticate documentation. Additional improvements regarding this issue are not planned.
Please refer to the dedicated documention.
MIT