loch

I think having to slice it just comes down to the developers' implementation of their services. I have to send the steam ID separately, so basically all I have to do is take the first 8 bytes and send it as the steam ID, then the rest of the bytes are the token. I'd say this functionality is all working correctly.

Got it working Had to slice off the first 8 bytes of the returned ticket, which I believe is the steam ID.

In your opinion, is there anything - you think - fundamentally missing? Or is it just down to testing at this point?

Gotcha, that totally makes sense. Thanks.

Currently there is a feature branch called appauth which contains methods for retrieving the auth session ticket (SteamUser.getAuthSessionTicket) -- does this feature work correctly? I saw in another thread that Dr. McKay was acknowledging that fetching such a ticket was not possible _after_ commits to this branch had been made. I'm interested in retrieving the auth session ticket for a game. I understand that it would be effectively impossible to circumvent certain features that fall under VAC, but in this case there are web services which use the auth session ticket which would be useful to me. Currently I'm able to receive a ticket, but presenting said ticket to the server I'm trying to talk to results in an "unauthorized" response. Anyone know if this feature is working + I'm doing something wrong, or if it's currently not working, and what needs to be done to fix it?

The documentation states "If the app expects some "user data" (arbitrary data which will be encrypted into the ticket), provide it here. Otherwise, omit this argument or pass an empty Buffer." How will I know if the app expects some user data? Is there any way for me to discover what this data might be?