Steam WebAPI认证

2024-05-14 00:12:29 发布

您现在位置:Python中文网/ 问答频道 /正文
6742 3

如何通过https://api.steampowered.com/ISteamUserAuth/AuthenticateUser/v0001api方法对用户进行身份验证?在

例如,我将从https://steamcommunity.com/login/getrsakey/获取steam公钥数据,进行一些加密,然后将此数据作为POST发送到指定的api url。 但服务器每次都返回“403禁止”。在

我的代码示例:

from Crypto.Cipher import AES
from Crypto.Cipher.PKCS1_v1_5 import PKCS115_Cipher
from Crypto.PublicKey import RSA
from Crypto.Random import get_random_bytes
import hashlib
import json
import requests

steamid = '<MY_STEAMID64>'
steampass = '<MY_STEAM_PASSWORD>'
loginkey = hashlib.md5(bytes(steampass, 'utf-8')).hexdigest()
blob32 = get_random_bytes(32)

getrsa_url = 'https://steamcommunity.com/login/getrsakey/'
getrsa_data = {'username': '<MY_STEAM_USERNAME>'}

getrsa_resp = requests.get(getrsa_url, params=getrsa_data)
response = json.loads(getrsa_resp.text)
if response.get('success'):
    steam_publickey_mod = response.get('publickey_mod')
    steam_publickey_mod = int(steam_publickey_mod, 16)
    steam_publickey_exp = response.get('publickey_exp')
    steam_publickey_exp = int(steam_publickey_exp, 16)
    steam_rsa_key = RSA.construct((steam_publickey_mod, steam_publickey_exp))
    steam_rsa = PKCS115_Cipher(steam_rsa_key)

if steam_rsa_key.can_encrypt():
    sessionkey = steam_rsa.encrypt(blob32)
    if type(sessionkey) is tuple:
        sessionkey = sessionkey[0]
    steam_aes = AES.new(blob32)
    encrypted_loginkey = steam_aes.encrypt(loginkey)

if all([steamid, sessionkey, encrypted_loginkey]):
    authenticate_user_url = (
        'https://api.steampowered.com/ISteamUserAuth/AuthenticateUser/v0001')
    authenticate_user_json = {
        'steamid': steamid,
        'sessionkey': sessionkey,
        'encrypted_loginkey': encrypted_loginkey,
    }


if __name__ == '__main__':
    import ipdb
    ipdb.set_trace()
    authenticate_user_resp = requests.post(url=authenticate_user_url,
                                           data=authenticate_user_json)

验证用户_响应正常返回False

验证用户_责任状态代码返回403

验证用户_责任原因禁止退货

对不起,我的英语不好,请


Tags: httpsimportcommodurlgetifrsa
2条回答
网友
1楼 · 编辑于 2024-05-14 00:12:29

就我而言,你不被允许做这个操作,因此“403禁止”所以,你根本没有“授权”用你所拥有的证书来执行这个操作。在

{a1}

A 403 response generally indicates one of two conditions:

Authentication was provided, but the authenticated user is not permitted to perform the requested operation. The operation is forbidden to all users. For example, requests for a directory listing return code 403 when directory listing has been disabled.

网友
2楼 · 编辑于 2024-05-14 00:12:29

AuthenticateUser没有像你想的那样做。Steam客户端使用它为当前登录到客户端的用户获取web会话登录cookies。AuthenticateUser请求的登录密钥来自CM(客户端连接的服务器)。在

如果要将用户登录到网站,则需要使用HTTP端点。一旦您有了RSA密钥并用该密钥加密了密码,就可以通过在正文中使用以下urlencoded参数向https://steamcommunity.com/login/dologin/发布身份验证:

  • captcha_text-空字符串或提示的验证码文本
  • captchagid-提示您的验证码的GID,或者-1(如果您没有被提示)
  • emailauth-发送到电子邮件地址的Steam Guard代码,如果不适用,则为空字符串
  • emailsteamid-空字符串
  • loginfriendlyname-空字符串
  • password-您的密码,使用RSA公钥加密,以及由此产生的base64密文
  • remember_login-true如果你想记住你的登录名,false如果不想记住(字符串true和{})
  • rsatimestamp-RSA密钥的时间戳
  • twofactorcode-从移动应用程序获得的TOTP代码,如果不适用,则为空字符串
  • username-您的帐户名

相关问题 更多 >

    编程相关推荐