Skip to content

Instantly share code, notes, and snippets.

@tuxuser
Created September 2, 2020 09:15
Show Gist options
  • Star 43 You must be signed in to star a gist
  • Fork 5 You must be signed in to fork a gist
  • Save tuxuser/8b7cc153cdecd0a9c3f2694850fa90bd to your computer and use it in GitHub Desktop.
Save tuxuser/8b7cc153cdecd0a9c3f2694850fa90bd to your computer and use it in GitHub Desktop.
Sign in to Xbox Live with OAUTH2
"""
Sign in to Xbox Live with OAUTH2
1. Go to https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade
2. Register new app ("+ New registration")
2.1. Enter a name for your app
2.2. Set "Supported account types" to "Personal Microsoft accounts only"
2.3. Click register
2.4. Choose "Redirect URIs" -> "Add a Redirect URI"
2.5. Click "Add a platform" -> "Mobile and desktop applications"
2.6. Enter custom redirect URI (Use something like "https://localhost/oauth_success" for testing)
3. From the overview of your app page, copy "Application (client) ID" to CLIENT_ID below in the py code
4. Replace REDIRECT_URI in the py code with the actual URI set in Azure app registration
5. Test and profit ;)
"""
import requests
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://localhost/oauth_success"
def main():
"""
Authorize account for app and receive authorization code
"""
url = "https://login.live.com/oauth20_authorize.srf"
query_params = {
"client_id": CLIENT_ID,
"response_type": "code",
"approval_prompt": "auto",
"scope": "Xboxlive.signin Xboxlive.offline_access",
"redirect_uri": REDIRECT_URI,
}
destination_url = requests.Request("GET", url, params=query_params).prepare().url
print("Authorize using following URL: " + destination_url)
authorization_code = input("Enter Code:")
"""
Authenticate account via authorization code and receive access/refresh token
"""
base_url = "https://login.live.com/oauth20_token.srf"
params = {
"grant_type": "authorization_code",
"client_id": CLIENT_ID,
"scope": "Xboxlive.signin Xboxlive.offline_access",
"code": authorization_code,
"redirect_uri": REDIRECT_URI,
}
resp = requests.post(base_url, data=params)
if resp.status_code != 200:
print("Failed to get access token")
return
access_token = resp.json()["access_token"]
"""
Authenticate via access token and receive user token
"""
url = "https://user.auth.xboxlive.com/user/authenticate"
headers = {"x-xbl-contract-version": "1"}
data = {
"RelyingParty": "http://auth.xboxlive.com",
"TokenType": "JWT",
"Properties": {
"AuthMethod": "RPS",
"SiteName": "user.auth.xboxlive.com",
"RpsTicket": "d=" + access_token,
},
}
resp = requests.post(url, json=data, headers=headers)
if resp.status_code != 200:
print("Invalid response")
return
user_token = resp.json()["Token"]
"""
Authorize via user token and receive final X token
"""
url = "https://xsts.auth.xboxlive.com/xsts/authorize"
headers = {"x-xbl-contract-version": "1"}
data = {
"RelyingParty": "http://xboxlive.com",
"TokenType": "JWT",
"Properties": {
"UserTokens": [user_token],
"SandboxId": "RETAIL",
},
}
resp = requests.post(url, json=data, headers=headers)
if resp.status_code != 200:
print("Invalid response")
return
print(":::XTOKEN:::")
print(resp.json())
if __name__ == "__main__":
main()
@MrZillaGold
Copy link

🧡

@Francois-LB-GT
Copy link

Amazing work. I Struggle so long just find something like this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment