Simple Xbox Live authentication module.
$ npm install @xboxreplay/xboxlive-auth
$ git clone [email protected]:XboxReplay/xboxlive-auth.git
$ npm run build
$ npm run test
import XboxLiveAuth from '@xboxreplay/xboxlive-auth';
XboxLiveAuth.authenticate('[email protected]', '*********')
.then(console.info)
.catch(console.error);
Sample response:
{
"userXUID": "2535465515082324", // May be null
"userHash": "1890318589445465111",
"XSTSToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoiYiJ9.iMrN7XT_jCcRXWKwUo_JPWeRO75dBOGTzerAO",
"expiresOn": "2019-04-05T05:43:32.6275675Z" // May be null
}
- email {string}
- password {string}
- options {Object?}
- XSTSRelyingParty {string?} - Default: http://xboxlive.com
The best way to interact with the API is to use our XboxLive-API module which has the XboxLive-Auth as a peer dependency. That said, a cURL example is available below.
Sample call:
$ curl 'https://profile.xboxlive.com/users/gt(Zeny%20IC)/profile/settings?settings=Gamerscore' \
-H 'Authorization: XBL3.0 x={userHash};{XSTSToken}' \
-H 'x-xbl-contract-version: 2'
Sample response:
{
"profileUsers": [
{
"id": "2535465515082324",
"hostId": "2535465515082324",
"settings": [
{
"id": "Gamerscore",
"value": "6270"
}
],
"isSponsoredUser": false
}
]
}
The "XSTSRelyingParty" is a domain configured by Microsoft and / or its partners to create a XSTS token which is intended to be used for a targeted service. For instance, if you use http://beam.pro/ you will be able to interact with the private Mixer.com API. A partial list can be found here: https://title.mgt.xboxlive.com/titles/default/endpoints?type=4.
2FA, or guidelines update detection, are not supported by this module (yet) which may cause some issues if you try to run this code in a production environment. As said, it's a simple one! Feel free to open a pull request if you have a workaround.
Take a look at https://account.live.com/activity. Recent activities (from unknown location, as a production server) may be blocked.