Last active
March 20, 2021 17:03
-
-
Save LostLuma/9def88fbdd5689b984988e1f9c762735 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import urllib.parse | |
| import requests | |
| CLIENT_ID = '432a893c-df7f-48d5-8f57-88d8e72a737f' | |
| CLIENT_SECRET = '...' | |
| REDIRECT_URI = 'http://localhost:1234/verify/xbox' | |
| def get_xbox_url(): | |
| base = 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize' | |
| params = urllib.parse.urlencode({ | |
| 'client_id': CLIENT_ID, | |
| 'response_type': 'code', | |
| 'redirect_uri': REDIRECT_URI, | |
| 'scope': 'xboxlive.signin offline_access', | |
| 'response_mode': 'query', | |
| }) | |
| return base + '?' + params | |
| def get_xbox_access_token(code): | |
| url = 'https://login.microsoftonline.com/common/oauth2/v2.0/token' | |
| params = urllib.parse.urlencode({ | |
| 'client_id': CLIENT_ID, | |
| 'grant_type': 'authorization_code', | |
| 'scope': 'xboxlive.signin offline_access', | |
| 'code': code, | |
| 'redirect_uri': REDIRECT_URI, | |
| 'client_secret': CLIENT_SECRET, | |
| }) | |
| resp = requests.post(url, data=params) | |
| return resp.json() | |
| def refresh_xbox_access_token(code): | |
| url = 'https://login.microsoftonline.com/common/oauth2/v2.0/token' | |
| params = urllib.parse.urlencode({ | |
| 'client_id': CLIENT_ID, | |
| 'grant_type': 'refresh_token', | |
| 'scope': 'xboxlive.signin offline_access', | |
| 'refresh_token': code, | |
| 'client_secret': CLIENT_SECRET, | |
| }) | |
| resp = requests.post(url, data=params) | |
| return resp.json() | |
| def get_rps_ticket(access_token, ticket_type='d'): | |
| url = 'https://user.auth.xboxlive.com/user/authenticate' | |
| headers = { | |
| 'Content-Type': 'application/json', | |
| } | |
| data = { | |
| 'RelyingParty': 'http://auth.xboxlive.com', | |
| 'TokenType': 'JWT', | |
| 'Properties': { | |
| 'AuthMethod': 'RPS', | |
| 'SiteName': 'user.auth.xboxlive.com', | |
| 'RpsTicket': f'{ticket_type}={access_token}', | |
| } | |
| } | |
| resp = requests.post(url, json=data, headers=headers) | |
| return resp.json() | |
| def xsts_authorize(access_token): | |
| url = 'https://xsts.auth.xboxlive.com/xsts/authorize' | |
| headers = { | |
| 'Content-Type': 'application/json', | |
| "x-xbl-contract-version": "1" | |
| } | |
| data = { | |
| "RelyingParty": "http://xboxlive.com", | |
| "TokenType": "JWT", | |
| "Properties": { | |
| "UserTokens": [access_token], | |
| "SandboxId": "RETAIL", | |
| } | |
| } | |
| resp = requests.post(url, headers=headers, json=data) | |
| return resp.json() | |
| def get_xbox_profile(user_hash, auth_token): | |
| url = 'https://profile.xboxlive.com/users/me/profile/settings' | |
| params = urllib.parse.urlencode({ | |
| 'settings': 'GameDisplayPicRaw,Gamerscore,Gamertag,AccountTier,XboxOneRep,PreferredColor,RealName,Bio,TenureLevel,Watermarks,Location,ShowUserAsAvatar' | |
| }) | |
| headers = { | |
| 'Accept': 'application/json', | |
| 'X-XBL-Contract-Version': '3', | |
| 'Authorization': f'XBL3.0 x={user_hash};{auth_token}' | |
| } | |
| resp = requests.get(url + '?' + params, headers=headers) | |
| return resp.json() | |
| def get_other_xbox_profile(xuid, user_hash, auth_token): | |
| url = f'https://profile.xboxlive.com/users/xuid({xuid})/profile/settings' | |
| params = urllib.parse.urlencode({ | |
| 'settings': 'Gamertag' | |
| }) | |
| headers = { | |
| 'Accept': 'application/json', | |
| 'X-XBL-Contract-Version': '3', | |
| 'Authorization': f'XBL3.0 x={user_hash};{auth_token}' | |
| } | |
| resp = requests.get(url + '?' + params, headers=headers) | |
| return resp.json() | |
| def get_other_xbox_profile_gt(gt, user_hash, auth_token): | |
| url = f'https://profile.xboxlive.com/users/gt({gt})/profile/settings' | |
| params = urllib.parse.urlencode({ | |
| 'settings': 'Gamertag' | |
| }) | |
| headers = { | |
| 'Accept': 'application/json', | |
| 'X-XBL-Contract-Version': '3', | |
| 'Authorization': f'XBL3.0 x={user_hash};{auth_token}' | |
| } | |
| resp = requests.get(url + '?' + params, headers=headers) | |
| return resp.json() | |
| def oauth_test(refresh): | |
| if refresh: | |
| result = refresh_xbox_access_token(input('code: ')) | |
| else: | |
| print(get_xbox_url()) | |
| result = get_xbox_access_token(input('code: ')) | |
| print(result) | |
| user_token = get_rps_ticket(result['access_token']) | |
| print(user_token) | |
| xsts_token = xsts_authorize(user_token['Token']) | |
| print(xsts_token) | |
| user_id = xsts_token['DisplayClaims']['xui'][0]['xid'] | |
| gamertag = xsts_token['DisplayClaims']['xui'][0]['gtg'] | |
| userhash = xsts_token['DisplayClaims']['xui'][0]['uhs'] | |
| user_data = get_xbox_profile(userhash, xsts_token['Token']) | |
| print(user_data) | |
| oauth_test(False) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment