GitHub

getWebCookies() for EAuthTokenPlatformType.WebBrowser now returns cookies for all Steam domains (with ; Domain=steamcommunity.com appended in the cookie string) due to Steam now issuing different tokens for different domains (PR #37 by @Sadzurami) Most cookie jar libraries should handle this properly, but you may need to check your own app to be sure Full Changelog: v1.7.1...v1.7.2 View on GitHub

Added check to throw an error if you attempt to call logOn() while a log on attempt is already ongoing Full Changelog: v5.0.6...v5.0.7 View on GitHub

Fixed an issue where SteamUser may attempt to reconnect even after emitting error due to error during auth Full Changelog: v5.0.5...v5.0.6 View on GitHub

Fixed "already logged on" error not having a useful stack trace Full Changelog: v5.0.4...v5.0.5 View on GitHub

BREAKING STEAM CHANGE Mobile confirmation is now required to create a Web API key It is now required to have a Steam Guard Mobile Authenticator in order to create a Web API key getWebApiKey() no longer attempts to register an API key if your account doesn't yet have one getWebApiKey() still works for retrieving your account's existing API key createWebApiKey() has been added to handle creating a new Web API key Full Changelog: v3.47.1...v3.48.0 Ramifications of This Change You now need to enable mobile 2FA to create a Web API key You can disable mobile 2FA after your key has been created, and it will keep working getWebApiKey() works as before if your account already has a key created, but does not attempt to register a key if you don't yet have one If you have a script that prepares new accounts for use (e.g. enables 2FA, sets up profile), then you should call createWebApiKey() as part of that script, after enabling 2FA. Any code which consumes getWebApiKey() will work as before, provided you create your API key before attempting to call it View on GitHub

Fixed issue where HTTP requests could hang indefinitely Full Changelog: v5.0.3...v5.0.4 View on GitHub

Fixed pre-connect network errors not being properly handled Full Changelog: v5.0.2...v5.0.3 View on GitHub

Fixed issue where access tokens (cookies) would not be properly refreshed when reusing a LoginSession over a long period of time Full Changelog: v1.7.0...v1.7.1 View on GitHub

Added clientsessionid cookie to cookies provided in the webSession event I'm not entirely sure what this does or if it's important, but the Steam client sends it so here we are. It might improve compatibility. Updated to use the newer GetCMListForConnect WebAPI method to fetch the Steam server list This removes the need to save cm_list.json locally Fixed refresh tokens obtained from the refreshToken event not working for subsequent logins with error AccessDenied The correct machine ID is now sent to the auth server when logging in This doesn't appear to matter at the moment, but it may have an impact on token validity in the future Full Changelog: v5.0.1...v5.0.2 View on GitHub

Added ability to pass a custom machine ID when logging on using EAuthTokenPlatformType.SteamClient Full Changelog: v1.6.0...v1.7.0 View on GitHub

Fixed SteamCommunity.login() method by having it internally use steam-session BREAKING: Node.js 12.22.0 or later is required to use SteamCommunity.login() (4.0.0 is still working for the rest of the package) BREAKING: You cannot use SteamCommunity.login() if you are also passing a custom request instance in to the SteamCommunity constructor due to incompatibility BREAKING: You will no longer get a steamguard value when using SteamCommunity.login() "It's not my fault there's a breaking change in a patch release if Valve already did the breaking!"℠ Full Changelog: v3.47.0...v3.47.1 View on GitHub

Added ability to specify a custom user-agent string for WebBrowser logins Full Changelog: v1.5.0...v1.6.0 View on GitHub

Added localAddress option for LoginSession and LoginApprover Full Changelog: v1.4.1...v1.5.0 View on GitHub

Added user/workshop/curator follow & unfollow support (by @3urobeat in #320) Re-enabled primaryGroup profile setting (by @3urobeat in #307) Fixed currencies not being properly returned by getUserInventory (by @fjexe in #301) Updated vulnerable xml2js dependency Full Changelog: v3.46.1...v3.47.0 View on GitHub

Added CM list caching (by @Sadzurami in #30) Full Changelog: v1.4.0...v1.4.1 View on GitHub

Added ability to specify a custom https.Agent (by @Sadzurami in #29) Full Changelog: v1.3.4...v1.4.0 View on GitHub

Fixed automatic machine auth token handling not working in log on (thanks to @Sadzurami in #458) Full Changelog: v5.0.0...v5.0.1 View on GitHub

Migration Guide v5 by @DoctorMcKay in #450 Breaking Now requires Node.js v14 or later (up from v8) Removed deprecated methods setSentry() Removed deprecated events sentry Removed deprecated login key functionality Removed logOn properties: loginKey and rememberPassword Removed legacy authentication Other Changes Added refreshToken event Added renewRefreshTokens option Full Changelog: v4.29.3...v5.0.0 View on GitHub

Updated dependencies Full Changelog: v1.3.3...v1.3.4 View on GitHub

Fixed crash that 4.29.2 didn't properly fix Bumped steam-session dependency version to ensure the latest version is installed Full Changelog: v4.29.2...v4.29.3 View on GitHub

Automatically refresh access token before emitting authenticated for EAuthTokenPlatformType.MobileApp Full Changelog: v1.3.2...v1.3.3 View on GitHub

Fixed crash due to call to wrong debug function if steam-session auth fails (issue #456) Full Changelog: v4.29.1...v4.29.2 View on GitHub

Fixed timeout error when calling getWebCookies() or refreshAccessToken() immediately after authenticated for EAuthTokenPlatformType.SteamClient Updated docs to reflect Steam changes Full Changelog: v1.3.1...v1.3.2 View on GitHub

Fixed logins failing with error FileNotFound due to Steam change Please Note: Steam no longer returns access tokens for new login attempts. Therefore, accessToken will be undefined when authenticated is emitted. Access tokens are only useful as web cookies, and getWebCookies() automatically attempts to refresh the access token as necessary, so no change should be needed from you if you aren't directly accessing the accessToken property. Full Changelog: v1.3.0...v1.3.1 View on GitHub

A sessionid cookie is now always returned to getWebCookies() (thanks @Sadzurami in #24) EAuthTokenPlatformType is now validated when you assign a refresh token to the refreshToken property (thanks @Sadzurami in #25) Added renewRefreshToken() method to LoginSession Full Changelog: v1.2.5...v1.3.0 View on GitHub