All Activity

You've got some problem with your proxy being unable to connect to Steam, it seems.

Thank you so much for your help and proposed fix, but unfortunately it still doesn’t work in my case. I've focused on httpProxy this time. Below are the details. Output: Code: const SteamUser = require("steam-user"); const SteamTotp = require("steam-totp"); // ––– your 2FA & creds (censored) ––– const sharedSecret = "*****"; const accountName = "*****"; const password = "*****"; // proxy must start with "http://" const httpProxy = "http://*****:*****@*****:8000"; const client = new SteamUser({ httpProxy, webCompatibilityMode: true, // protocol: SteamUser.EConnectionProtocol.TCP, // uncomment to force raw‑TCP }); client.logOn({ accountName, password, twoFactorCode: SteamTotp.generateAuthCode(sharedSecret), }); client.on("loggedOn", () => { console.log("✅ Logged in – Steam sees IP as", client.publicIP); }); client.on("error", (err) => { console.error("❌ Login error:", err); }); Proxy test:

The string you pass to httpProxy needs to start with http:// createConnection is not a valid option for the SteamUser constructor. To use a SOCKS proxy, you should use the socksProxy option.

Describe the bug When attempting to log in to Steam using a proxy, Steam still sees my real IP address instead of routing traffic through the proxy. I have tried both HTTP‐over‐HTTP (httpProxy) and SOCKS5 (createConnection + SocksProxyAgent) approaches in two separate test files, but neither one works as expected. Versions - steam-user: v5.2.0 - steam-totp: v2.1.2 - socks-proxy-agent: v8.0.5 - Node.js: v22.14.0 - OS: Windows 11 Screenshots and Error Logs When running either test file, login succeeds but `client.publicIP` reports my real IP, not the proxy’s IP: No other errors are thrown. http.js const SteamUser = require("steam-user"); const SteamTotp = require("steam-totp"); // ––– your 2FA & creds ––– const sharedSecret = "ABCDEFGH1234IJKL="; const accountName = "myUserName"; const password = "MyP@ssw0rd!"; // just “user:pass@host:port” (percent‑encode any “=” or “@” in your password) const httpProxy = "user123:pa%40ssw0rd%[email protected]:8080"; const client = new SteamUser({ httpProxy, webCompatibilityMode: true, // you can force raw‑TCP if you like: // protocol: SteamUser.EConnectionProtocol.TCP }); client.logOn({ accountName, password, twoFactorCode: SteamTotp.generateAuthCode(sharedSecret), }); client.on("loggedOn", () => { console.log("✅ Logged in – Steam sees IP as", client.publicIP); }); client.on("error", (err) => { console.error("❌ Login error:", err); }); socks5h.js const SteamUser = require("steam-user"); const SteamTotp = require("steam-totp"); const { SocksProxyAgent } = require("socks-proxy-agent"); //––– your 2FA & creds ––– const sharedSecret = "ABCDEFGH12345678="; const accountName = "exampleUser"; const password = "Tr1ckyP@ss"; // your socks5h URL: const socksUri = "socks5h://fake-user:[email protected]:1080"; const agent = new SocksProxyAgent(socksUri); const client = new SteamUser({ // force raw‐TCP protocol: SteamUser.EConnectionProtocol.TCP, // whenever steam-user wants a socket, we hand it over to our proxy agent createConnection: (opts) => agent.createConnection(opts), autoRelogin: true, }); client.logOn({ accountName, password, twoFactorCode: SteamTotp.generateAuthCode(sharedSecret), }); client.on("loggedOn", () => { console.log("✅ Logged in – Steam sees IP as", client.publicIP); }); client.on("error", (err) => console.error("❌ Login error:", err));

Thanks...I managed to figure out the problem. For other's future reference, disabling "Steam Authenticator" on your phone is not enough and you will need to go to Steam on browser to turn off Steam Guard entirely.

It may not be enabled on that phone, but it's enabled somewhere.

But I don’t, this is my steam account from “Steam Guard” page on my mobile showing my 2 account. With steam guard enabled there will be a blue checkmark, without it there will be a plus shield icon. I explicitly did “Remove Steam Authenticator” on my mobile settings before using this library.

Thank you for your help! I should look into it a bit more — it's most likely something I did wrong. Thanks again for your assistance! Wishing you a wonderful day.

Dunno, you're doing something wrong then.

Here is some information from my refresh_token. I believe it hasn't expired yet, since I've recently logged in again using Steam Desktop Authenticator. Payload: { "iss": "", "sub": "", "aud": [ "web", "renew", "derive" ], "exp": 1762718905, "nbf": 1735992415, "iat": 1744632415, "jti": "", "oat": 1744632415, "per": 1, "ip_subject": "", "ip_confirmer": "" }

I'd guess your refresh token is probably expired or now invalid.

Using steamRefresh_steam from login post Response Headers Set-Cookie is the same. https://login.steampowered.com/jwt/finalizelogin {"response":{}}

Thank you! The refresh_token comes from the maFile generated by linking with Steam Desktop Authenticator. This is Steam Desktop Authenticator:

You clearly already have MFA enabled if it's asking for an MFA code.

What type of refresh token do you have?

The purpose of the `enableTwoFactor` method is to enable Steam Guard on account, but I implemented the `enableTwoFactor` method correctly and disabled my Steam Guard, however it is asking me for Steam Guard code on login which does not exist because I am using this library to create Steam Guard.

I'm trying to use the Steam Web API endpoint: https://api.steampowered.com/IAuthenticationService/GenerateAccessTokenForApp/v1/ I'm sending a POST request with steamid and refresh_token, but the response is always: { "response": {} } It was working fine yesterday, but stopped working today. Is there any better way to update steamLoginSecure? Thank you very much! post_url = 'https://api.steampowered.com/IAuthenticationService/GenerateAccessTokenForApp/v1/' post_data = { 'steamid': steam_id, 'refresh_token': refresh_token, } response = session.post(post_url, data=post_data, allow_redirects=False, timeout=20) print(response.text) {"response":{}}

@qaedes

Can't be done. You can get a web logon nonce from https://steamcommunity.com/chat/clientjstoken but that's not the same thing as a refresh token for the client; you have to send that as web_logon_nonce in the CMsgClientLogOn message.

Hello, I have access token from web client. I want to convert it to steam desktop token. Web tokens has "client", "web" in aud. I can't login thru desktop app. Client tokens has "derive" and "renew" in aud. Which means i can login thru desktop app

Maybe it ll help someone I need just sticker names and img src after trade don't really need ids, I get them from getReceivedItems([getActions, ]callback) getActions - Optional. If true, then the descriptions of the received items will be loaded from the WebAPI in order to populate the items' actions. Default false. callback - Required. A callback to be invoked when complete. err - An Error object on failure, null on success items - An array of EconItem objects that you received. v1.19.0 or later is required to use getActions. Can be called on an accepted offer to retrieve item data about the items you received, including names, descriptions, and new assetids. Will not include any actions (e.g. the CS:GO inspect link) unless getActions is true.

You would need to download and parse items_game.txt, look up the sticker by its sticker_id, then fetch your appropriate language file to translate the localization key into an actual name.

Hi Heloo every one I have a question, is there a way to check the names of stickers by their id? { "stickers": [ { "slot": 0, "sticker_id": 4794, "wear": null, "scale": null, "rotation": null, "tint_id": null, "offset_x": null, "offset_y": null, "offset_z": null, "pattern": null }, { "slot": 1, "sticker_id": 4762, "wear": null, "scale": null, "rotation": null, "tint_id": null, "offset_x": null, "offset_y": null, "offset_z": null, "pattern": null }, { "slot": 2, "sticker_id": 4782, "wear": null, "scale": null, "rotation": null, "tint_id": null, "offset_x": null, "offset_y": null, "offset_z": null, "pattern": null }, { "slot": 3, "sticker_id": 4741, "wear": null, "scale": null, "rotation": null, "tint_id": null, "offset_x": null, "offset_y": null, "offset_z": null, "pattern": null } ], "keychains": [], "accountid": null, "itemid": "43163857952", "defindex": 10, "paintindex": 904, "rarity": 3, "quality": 9, "paintwear": 0.2513757348060608, "paintseed": 743, "killeaterscoretype": 0, "killeatervalue": 0, "customname": null, "inventory": 3221225475, "origin": 8, "questid": null, "dropreason": null, "musicindex": null, "entindex": null, "petindex": null }

Yes, we should start a Telegram discussion group.

I have the same problem. Do you have Telegram? So we can discuss it in our language (I'm Russian speaking too)