Dr. McKay

Not that I've seen.

I've not delved into downloading workshop files. I believe it's very similar to downloading apps, but I couldn't tell you exactly how similar. If reading JS isn't for you, you could consult DepotDownloader.

Are you logging in fresh for every request? That's a bad idea.

That code looks fine at a glance. Does the account you're using have a license for CS:GO? You need to add it to your library before you can launch it. If it's not showing as in-game on its profile page, then that would mean that you don't have a license. You can use steam-user's requestFreeLicense method to add it to your library.

Seems like it, yes.

As far as I know, it's automatically activated when you log onto the client (or steam-user) 2-3 times.

Use getOffer to retrieve a TradeOffer by its ID.

It's on the wiki. You need to specify a language.

It's possible that the items in question don't have market_hash_names.

You need to log in TradeOfferManager using setCookies.

You're adding a new connectedToGC handler every time you get the wallet event emitted, which isn't what you want to do.

If you have the file, it should work on all versions.

Given only a steamLoginSecure cookie, no, it's not possible to renew it when it expires. You would need to get the refresh token out of the steamRefresh_steam cookie that's set on login.steampowered.com, and use the steam-session module to exchange it for a new steamLoginSecure cookie.

steam-tradeoffer-manager doesn't have anything native to avoid putting the same item into two trades. You're responsible for tracking which items you've already offered by assetid, and avoiding those items for future trades.

Not that I'm aware. It's just kind of a constant that you run into session expiration problems if you use the same account from two IPs. You're best off confirming trades in the same location as where you're sending trades from.

You need to be signed in already by calling setCookies with valid session cookies. You can get session cookies from npm packages steam-user, steamcommunity, or steam-session.

Yes and yes. Choosing your platform type is done in the LoginSession constructor, which is provided by steam-session. Correct. It pretends to be a real Steam client, connects to a CM the same way a Steam client does, and sends and receives the same messages a real Steam client does.

Only steamLoginSecure. sessionid is merely a CSRF token and can be any value. Yes. A valid refresh token can be used to authenticate as long as it hasn't expired. It's worth noting that refresh tokens are specific to the platform for which they were generated; only a token generated for EAuthTokenPlatformType.SteamClient can be used to authenticate as a Steam client, and only a token generated for EAuthTokenPlatformType.MobileApp can be used for mobile-app-only requests, such as enabling or disabling 2FA. At present, refresh tokens for all platform types can be used to get web cookies, even though the Steam client doesn't get cookies the same way as the mobile app and web browsers. It makes the same requests that the official Steam client, mobile app, and web apps use to authenticate users. There's a WebAPI interface for this, although it's not really meant for public consumption the way I'm using it. The Steam client makes the same requests, but they go through a CM (connection manager, the same server all other Steam client communication goes through). If you're curious, you could hit F12 to open your browser console, switch to the network tab, then sign into steamcommunity.com. You won't see a tremendous amount of useful info though, since the requests are protobuf-encoded.

It's true that access tokens and refresh tokens are commonly used in OAuth, but this isn't OAuth. It just uses some of the same terminology. And yes, refresh tokens can be used for ~200 days until they expire. Refresh tokens are the tokens used by the Steam client when you select "remember my password", and by the mobile app to keep you logged in. A refresh token also gets set in your browser cookies to renew your web session when necessary. There is a mechanism for renewing refresh tokens, which is seemingly used by the Steam client and by the mobile app. I'm working on adding support for refresh token renewal to steam-session.

I'm not really sure what you mean by "extending the session". Refresh tokens exist in your browser cookies, encrypted within the config files for the Steam client, and in the Steam mobile app's private files. Otherwise, steam-session is the only way I'm aware of to get a refresh token, although I'm sure there exist other libraries and apps. SteamKit can probably do it in C#, for example.

I've never bothered trying to fully re-create item descriptions using GC data, mostly since there are so many edge cases that it becomes a massive headache. That said, items_game.txt in the game files contains all the data you need to do it (well, that and the localization files to get human-readable strings out of i18n tokens).

It doesn't really matter.

Yes, you can use steam-session to get a refresh token; it supports using device confirmations to approve a login. Your SteamUser client will stay logged on as long as it can stay connected to Steam. If it gets disconnected, it'll use the same refresh token that it used initially to log back in.

npm update https://github.com/DoctorMcKay/node-steamcommunity/releases/tag/v3.45.1

From time to time yes, Steam will disconnect you. When the disconnected event is emitted, SteamUser will automatically reconnect and loggedOn will fire again.