minecraft sts auth working, but minecraft services auth requires aproval from mojang

2024-10-25 12:27:29 -06:00 · 2024-10-25 12:27:29 -06:00 · e11f1f1a4c
commit e11f1f1a4c
parent 16ad6e7427
2 changed files with 61 additions and 7 deletions
--- a/main.go
+++ b/main.go
@ -12,6 +12,13 @@ import (

 const client_id string = "9305aeb8-5ecb-4e7a-b28f-c33aefcfbd8d"

+type Authentication struct {
+	Access   authenticationResp
+	XboxAuth xboxAuthResponse
+	XboxAPI  xboxAuthResponse
+	McAPI    xboxAuthResponse
+}
+
 type devCodeResp struct {
 	User_code        string
 	Device_code      string
@ -44,6 +51,12 @@ type xboxAuthRequest struct {

 type xboxDisplayClaim struct {
 	Uhs string
+	Gtg string
+	Xid string
+	Agg string
+	Usr string
+	Utr string
+	Prv string
 }

 type xboxDisplayClaims struct {
@ -68,6 +81,16 @@ type XSTSRequest struct {
 	TokenType    string
 }

+type McAuthRequest struct {
+	Xtoken   string `json:"xtoken"`
+	Platform string `json:"platform"`
+}
+
+type McAuthRequest2 struct {
+	IdentityToken       string `json:"identityToken"`
+	EnsureLegacyEnabled bool   `json:"ensureLegacyEnabled"`
+}
+
 func main() {

 	resp, err := http.PostForm("https://login.microsoftonline.com/consumers/oauth2/v2.0/devicecode", url.Values{
@ -89,7 +112,7 @@ func main() {
 		fmt.Println(codeResp.Message)
 		ticker := time.NewTicker(time.Second * time.Duration(codeResp.Interval))
 		defer ticker.Stop()
-		authentication := authenticationResp{}
+		auth := Authentication{}
 		for range ticker.C {
 			resp, err := http.PostForm("https://login.microsoftonline.com/consumers/oauth2/v2.0/token", url.Values{
 				"client_id":   {client_id},
@ -108,12 +131,12 @@ func main() {
 			json.Unmarshal(data, &authResp)
 			if authResp.Error == "" {
 				fmt.Printf("Authenticated!\n")
-				authentication = authResp
+				auth.Access = authResp
 				break
 			}

 		}
-		req, _ := json.Marshal(xboxAuthRequest{Properties: xboxAuthProperties{AuthMethod: "RPS", SiteName: "user.auth.xboxlive.com", RpsTicket: "d=" + authentication.Access_token}, RelyingParty: "http://auth.xboxlive.com", TokenType: "JWT"})
+		req, _ := json.Marshal(xboxAuthRequest{Properties: xboxAuthProperties{AuthMethod: "RPS", SiteName: "user.auth.xboxlive.com", RpsTicket: "d=" + auth.Access.Access_token}, RelyingParty: "http://auth.xboxlive.com", TokenType: "JWT"})
 		client := http.Client{}
 		httpReq, _ := http.NewRequest("POST", "https://user.auth.xboxlive.com/user/authenticate", bytes.NewBuffer(req))
 		httpReq.Header.Add("x-xbl-contract-version", "1")
@ -128,9 +151,8 @@ func main() {
 			fmt.Printf("XboxLive Error: %s\n", httpResp.Status)
 		}
 		d, _ := io.ReadAll(httpResp.Body)
-		xboxAPI := xboxAuthResponse{}
-		json.Unmarshal(d, &xboxAPI)
-		xstsData, _ := json.Marshal(XSTSRequest{Properties: XSTSProperties{SandboxId: "RETAIL", UserTokens: []string{xboxAPI.Token}}, RelyingParty: "http://xboxlive.com", TokenType: "JWT"})
+		json.Unmarshal(d, &auth.XboxAuth)
+		xstsData, _ := json.Marshal(XSTSRequest{Properties: XSTSProperties{SandboxId: "RETAIL", UserTokens: []string{auth.XboxAuth.Token}}, RelyingParty: "http://xboxlive.com", TokenType: "JWT"})
 		httpXstsReq, _ := http.NewRequest("POST", "https://xsts.auth.xboxlive.com/xsts/authorize", bytes.NewBuffer(xstsData))
 		httpXstsReq.Header.Add("Content-Type", "application/json")
 		httpResp, err = client.Do(httpXstsReq)
@ -142,7 +164,39 @@ func main() {
 			fmt.Printf("XboxLive STS error: %s\n", httpResp.Status)
 		}
 		d, _ = io.ReadAll(httpResp.Body)
-		fmt.Printf("XboxLive STS Response: %s\n", d)
+		json.Unmarshal(d, &auth.XboxAPI)
+
+		xstsData, _ = json.Marshal(XSTSRequest{Properties: XSTSProperties{SandboxId: "RETAIL", UserTokens: []string{auth.XboxAuth.Token}}, RelyingParty: "rp://api.minecraftservices.com/", TokenType: "JWT"})
+		httpXstsReq, _ = http.NewRequest("POST", "https://xsts.auth.xboxlive.com/xsts/authorize", bytes.NewBuffer(xstsData))
+		httpXstsReq.Header.Add("Content-Type", "application/json")
+		httpResp, err = client.Do(httpXstsReq)
+		if err != nil {
+			fmt.Printf("Minecraft STS error: %s\n", err)
+		}
+		defer httpResp.Body.Close()
+		if httpResp.StatusCode != 200 {
+			fmt.Printf("Minecraft STS error: %s\n", httpResp.Status)
+		}
+		d, _ = io.ReadAll(httpResp.Body)
+		json.Unmarshal(d, &auth.McAPI)
+		if auth.McAPI.DisplayClaims.Xui[0].Uhs != auth.XboxAPI.DisplayClaims.Xui[0].Uhs {
+			fmt.Printf("Warning: Inconsistant user hash!")
+		}
+		mcAuthData, _ := json.Marshal(McAuthRequest2{IdentityToken: "XBL3.0 x=" + auth.McAPI.DisplayClaims.Xui[0].Uhs + ";" + auth.McAPI.Token, EnsureLegacyEnabled: true})
+		fmt.Printf("MC Auth Data: %s\n", mcAuthData)
+		httpReqMC, _ := http.NewRequest("POST", "https://api.minecraftservices.com/authentication/login_with_xbox", bytes.NewBuffer(mcAuthData))
+		httpReqMC.Header.Add("Content-Type", "application/json")
+		httpReqMC.Header.Add("Accept", "application/json")
+		resp, err = client.Do(httpReqMC)
+		if err != nil {
+			fmt.Printf("MC Auth Error: %s\n", err)
+		}
+		defer resp.Body.Close()
+		if resp.StatusCode != 200 {
+			fmt.Printf("MC Auth Error: %s\n", resp.Status)
+		}
+		d, _ = io.ReadAll(resp.Body)
+		fmt.Printf("MC Auth Response: %s\n", d)
 	}

 	/*
--- a/BIN
+++ b/BIN