Dr. McKay

It looks like you're sending the parameters in the URL rather than in the post body as you should be.

Please give v4.19.2 a shot.

For some reason, CS:GO now requires an access token to get extended information like depots. You can either use getProductAccessToken and pass the access token to getProductInfo as per the readme, or you could just pass true for the optional includeTokens parameter, like so: getProductInfo([730], [], true, (apps, packages, unknownApps, unknownPackages) => { // should contain: // packages['730'].appinfo.depots['731'] }) Please note that if you're using steam-user v4 (as you should be), the first argument to the callback is err. Edit: Also be aware that you're only going to get a token if you own CS:GO. If your account doesn't own CS:GO, you can request a free-on-demand license for it.

You shouldn't need that cookie to execute an OpenID login.

I don't think that's possible, unfortunately.

No, just see if you can access their profile/inventory.

That event is for real-time trades, which have been removed from the Steam UI. That's not for trade offers.

Unless you're doing something shady, I wouldn't expect Valve to pay any mind to you.

Only set Origin and Referer. Do not set Host or Cookie.

That code retrieves a list of CS:GO servers and sets itself to in-game, but it doesn't join a server which is why you wouldn't see the bot in the server. It is not possible to actually join a CS:GO server from a bot, as you would have to implement VAC and nobody's been insane enough to try that.

I don't understand what you mean by that.

Your issue is probably that you aren't urlencoding the payload. I'm not super familiar with the fetch API you're using but I would be very surprised if it didn't have a mechanism to send an application/x-www-form-urlencoded request payload without having to encode it manually as you're doing. And yes, Steam login cookies that you acquire from any source can be used on all Steam properties.

You need to specify Origin and Referer manually, but all the other headers you're specifying should be left out as they're HTTP protocol-level headers that request will set on its own.

That's not possible.

There shouldn't be any special considerations with the rsa key request.

Get rid of the curly braces around requestoptions. And also quit using the confirmation checker as it's been deprecated for years.

In your instance, steam-user (client) is for logging into Steam and for receiving item/trade notifications and steamcommunity and steam-tradeoffer-manager are for interacting with the econ service (which is all over HTTP).

I don't see why you'd want to specifically use the oauthlogin method. What's wrong with logging in via community or user normally?

Check the myFriends property for users who've invited you.

You would need to download the game files from the CDN, parse items_game.txt, unpack the vpks, and figure out how to attribute texture files correctly to given items. Have fun.

None of those messages are going to work for your needs, since they're only for requesting the logged in user's inventory. You can't request other users' inventories that way. Using the HTTP endpoint is pretty much the only way.

You would need to also bind the local address on node-steamcommunity and additionally pass that community instance to the steam-tradeoffer-manager instance in the constructor.

Well, you're logging in twice and only once with an auth code. Of course the login attempt without a code is going to fail.

The transfer requests are just to set cookies on all the Steam domains, so logging in on community also logs you in on store and vice versa. But it's the same cookies on all domains.

I guess you're not using the correct shared secret. I don't know why you'd need to instantiate that sid variable, but that input format is correct regardless.