Valve implemented a new method for authentication (CAuthentication). Support this natively/easily?

[ABaumher]

As of March 2023, Valve changed how authentication works, and you can only use Client Login for a single session. They removed a client logon key messsage, which you could previously get a token from to stay logged in without user prompts. The new method is to use "CAuthentication", which is a series of Unified Messages (or Service Messages, if you prefer). It's essentially OAuth2, but through the network instead of a web api.

It's currently possible to do this in your code using a very specific set of send_um or send_um_and_wait, but these aren't something a normal person could stumble on. i was wondering if you would want to implement this in a more elegant manner. For reference, SteamKit added an entire namespace SteamKit.Authentication and several helper methods: GetPasswordRSAPublicKeyAsync, BeginAuthSessionViaCredentialsAsync, and PollingWaitForResultAsync, which can be used to get an access and refresh token. The sample code is at https://github.com/SteamRE/SteamKit/tree/master/Samples/1a.Authentication

I mention this because I am doing this very thing in the GOG Galaxy Integration. Unfortunately, our code base is terrible (i'm working on a refactor, but prioritizing getting it working), and we use ayncio instead of gevent, so i couldn't just do a PR with what we have, but i could provide instructions on how to do it. I suppose i could bite the bullet and implement it here (learn your code, and then fork, implement, and PR), but I don't know how you'd want to implement it here, if you even want to at all. Idk if you want to support a persistent login, if that opens some sort of pandora's box or whatever.

As for the how, i can explain more in IRC or whatever, or you can look at steamkit's implementation, though i must warn it's obfuscated in some relatively clever ways. I actually missed the initial "Client Hello Message" and only caught it from a merge comment.

[ABaumher]

Also, i don't exactly know how gevent works, but it looks like you might need to monkey patch by default with this authentication stuff. I could be reading that wrong, though, but if i am not, that is likely something to consider

[rossengeorgiev]

Yes, Valve has change quite a few bits. I have a patch set to update authentication across the package and implement the new flows, but is still incomplete, I'm aiming to pushing some time these month if time allows.

[ABaumher]

cool. I'll leave the discussion open, feel free to question me if you hit something unexpected. Though i think you're better at this than i am.