{"id":14070451,"url":"https://github.com/XboxReplay/xboxlive-auth","last_synced_at":"2025-07-30T07:33:26.022Z","repository":{"id":34079952,"uuid":"168234556","full_name":"XboxReplay/xboxlive-auth","owner":"XboxReplay","description":"A light but advanced Xbox Live authentication module with OAuth2.0 and Electron support.","archived":false,"fork":false,"pushed_at":"2023-04-30T08:36:18.000Z","size":308,"stargazers_count":92,"open_issues_count":6,"forks_count":16,"subscribers_count":8,"default_branch":"master","last_synced_at":"2024-11-20T00:11:34.397Z","etag":null,"topics":["authentication","electron","live","nodejs","oauth2","typescript","xbox","xboxlive"],"latest_commit_sha":null,"homepage":"https://www.xboxreplay.net/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/XboxReplay.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-01-29T21:47:54.000Z","updated_at":"2024-08-04T02:27:00.000Z","dependencies_parsed_at":"2024-08-13T07:17:17.422Z","dependency_job_id":"bef0f306-585c-4722-a00a-fef1e3395800","html_url":"https://github.com/XboxReplay/xboxlive-auth","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/XboxReplay%2Fxboxlive-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/XboxReplay%2Fxboxlive-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/XboxReplay%2Fxboxlive-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/XboxReplay%2Fxboxlive-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/XboxReplay","download_url":"https://codeload.github.com/XboxReplay/xboxlive-auth/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":228110324,"owners_count":17871162,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","electron","live","nodejs","oauth2","typescript","xbox","xboxlive"],"created_at":"2024-08-13T07:07:46.420Z","updated_at":"2025-07-30T07:33:26.012Z","avatar_url":"https://github.com/XboxReplay.png","language":"TypeScript","funding_links":[],"categories":["TypeScript"],"sub_categories":[],"readme":"# XboxReplay/XboxLive-Auth\n\nA lightweight, zero-dependency Xbox Network (Xbox Live) authentication library for Node.js with OAuth 2.0 support.\n\n⚠️ **Breaking Changes Notice**: Significant breaking changes have been introduced since v4. Please review the [Migration Guide](https://github.com/XboxReplay/xboxlive-auth/blob/master/docs/90-Migration_From_v4.md) for detailed upgrade instructions and code examples.\n\n\u003e [!IMPORTANT]\n\u003e The main `authenticate()` function remains backward compatible for basic usage, but method imports and advanced features have changed significantly.\n\n## Installation\n\n```bash\nnpm install @xboxreplay/xboxlive-auth\n```\n\n## Quick Start\n\n### Basic Authentication\n\n```typescript\nimport { authenticate } from '@xboxreplay/xboxlive-auth';\n\nauthenticate('name@domain.com', 'password').then(console.info).catch(console.error);\n```\n\n### Response Format\n\n```json\n{\n  \"xuid\": \"2584878536129841\",\n  \"user_hash\": \"3218841136841218711\",\n  \"xsts_token\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...\",\n  \"display_claims\": {\n    \"gtg\": \"Zeny IC\",\n    \"xid\": \"2584878536129841\",\n    \"uhs\": \"3218841136841218711\",\n    \"agg\": \"Adult\",\n    \"usr\": \"234\",\n    \"utr\": \"190\",\n    \"prv\": \"185 186 187 188 191 192 ...\"\n  },\n  \"expires_on\": \"2025-04-13T05:43:32.6275675Z\"\n}\n```\n\n\u003e [!NOTE]\n\u003e The `xuid` field may be null based on the specified \"RelyingParty\", and `display_claims` may vary based on the specified \"RelyingParty\" configuration.\n\n### Advanced Usage\n\n#### Raw Response Mode\n\n```typescript\nimport { authenticate } from '@xboxreplay/xboxlive-auth';\n\n// Get raw responses from all authentication steps\nconst rawResponse = await authenticate('email@example.com', 'password', {\n  raw: true,\n});\n\nconsole.log(rawResponse);\n// Returns:\n// {\n//   'login.live.com': LiveAuthResponse,\n//   'user.auth.xboxlive.com': XNETExchangeRpsTicketResponse,\n//   'xsts.auth.xboxlive.com': XNETExchangeTokensResponse\n// }\n```\n\n#### Custom Authentication Options\n\n```typescript\nimport { authenticate } from '@xboxreplay/xboxlive-auth';\n\nconst result = await authenticate('email@example.com', 'password', {\n  XSTSRelyingParty: 'http://xboxlive.com',\n  optionalDisplayClaims: ['gtg', 'xid'],\n  sandboxId: 'RETAIL',\n});\n```\n\n### Using Individual Modules\n\nThe library now exports granular modules for advanced use cases:\n\n```typescript\nimport { live, xnet } from '@xboxreplay/xboxlive-auth';\n\n// Microsoft Live authentication\nawait live.preAuth();\nawait live.authenticateWithCredentials({ email: 'user@example.com', password: 'password' });\nawait live.exchangeCodeForAccessToken(code);\nawait live.refreshAccessToken(refreshToken);\n\n// Xbox Network token exchange\nawait xnet.exchangeRpsTicketForUserToken(accessToken, 't');\nawait xnet.exchangeTokensForXSTSToken(tokens, options);\n\n// Experimental features\nconst deviceToken = await xnet.experimental.createDummyWin32DeviceToken();\n```\n\n## Type Safety\n\nThe library is fully typed with TypeScript. Key types include:\n\n-   `Email`: Enforces proper email format (`${string}@${string}.${string}`)\n-   `AuthenticateOptions`: Configuration options for authentication\n-   `AuthenticateResponse`: Standard response format\n-   `AuthenticateRawResponse`: Raw response format when `raw: true`\n\n## Documentation\n\n-   [Basic authentication](https://github.com/XboxReplay/xboxlive-auth/blob/master/docs/01-Authenticate.md)\n-   [Use a custom Azure Application (OAuth2.0)](https://github.com/XboxReplay/xboxlive-auth/blob/master/docs/02-Custom_Azure_Application.md)\n-   [Experimental methods, such as \"deviceToken\" generation](https://github.com/XboxReplay/xboxlive-auth/blob/master/docs/03-Experimental.md)\n-   [What's a RelyingParty and how to use it](https://github.com/XboxReplay/xboxlive-auth/blob/master/docs/04-RelyingParty.md)\n-   [Available methods in this library](https://github.com/XboxReplay/xboxlive-auth/blob/master/docs/05-Methods.md)\n-   [Known issues and possible workarounds](https://github.com/XboxReplay/xboxlive-auth/blob/master/docs/06-Known_Issues.md)\n-   [How to deal with unauthorized \"AgeGroup\" authentication](https://github.com/XboxReplay/xboxlive-auth/blob/master/docs/07-Detect_Unauthorized_AgeGroup.md)\n\n## Using the XSAPI Client\n\nThe library includes an XSAPI client that's a Fetch wrapper designed specifically for calling Xbox Network APIs:\n\n```typescript\nawait XSAPIClient.get('https://profile.xboxlive.com/users/gt(Major%20Nelson)/profile/settings?settings=Gamerscore', {\n  options: { contractVersion: 2, userHash: 'YOUR_USER_HASH', XSTSToken: 'YOUR_XSTS_TOKEN' },\n});\n```\n\n### Manual cURL Example\n\n```bash\ncurl 'https://profile.xboxlive.com/users/gt(Major%20Nelson)/profile/settings?settings=Gamerscore' \\\n  -H 'Authorization: XBL3.0 x=YOUR_USER_HASH;YOUR_XSTS_TOKEN' \\\n  -H 'X-XBL-Contract-Version: 2'\n```\n\n## Known Limitations\n\n### Two-Factor Authentication (2FA)\n\nThe exposed `authenticate` method cannot deal with 2FA, but a workaround may be possible using OAuth2.0 flows with refresh tokens. Please take a look at the [authenticate documentation](https://github.com/XboxReplay/xboxlive-auth/blob/master/docs/01-Authenticate.md). Additional improvements regarding this issue are not currently planned.\n\n### Other Issues\n\nPlease refer to the [dedicated documentation](https://github.com/XboxReplay/xboxlive-auth/blob/master/docs/06-Known_Issues.md) for other known issues and workarounds.\n\n## License\n\n[Apache Version 2.0](https://github.com/XboxReplay/xboxlive-auth/blob/master/LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FXboxReplay%2Fxboxlive-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FXboxReplay%2Fxboxlive-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FXboxReplay%2Fxboxlive-auth/lists"}