Question State of feature/appauth branch

[loch]

Currently there is a feature branch called appauth which contains methods for retrieving the auth session ticket (SteamUser.getAuthSessionTicket) -- does this feature work correctly? I saw in another thread that Dr. McKay was acknowledging that fetching such a ticket was not possible _after_ commits to this branch had been made.

 

I'm interested in retrieving the auth session ticket for a game. I understand that it would be effectively impossible to circumvent certain features that fall under VAC, but in this case there are web services which use the auth session ticket which would be useful to me.

 

Currently I'm able to receive a ticket, but presenting said ticket to the server I'm trying to talk to results in an "unauthorized" response.

 

Anyone know if this feature is working + I'm doing something wrong, or if it's currently not working, and what needs to be done to fix it?

[Dr. McKay]

It has never been tested to ensure that it actually returns well-formed tickets.

[loch]

In your opinion, is there anything - you think - fundamentally missing? Or is it just down to testing at this point?

[loch]

Got it working Had to slice off the first 8 bytes of the returned ticket, which I believe is the steam ID.

[Dr. McKay]

Good info, thanks.

[loch]

Good info, thanks.

 

I think having to slice it just comes down to the developers' implementation of their services. I have to send the steam ID separately, so basically all I have to do is take the first 8 bytes and send it as the steam ID, then the rest of the bytes are the token. I'd say this functionality is all working correctly.

[Dr. McKay]

I think strictly speaking, the leading SteamID isn't part of the ticket. Some implementations just expect the SteamID to be sent preceding the actual ticket. Therefore, I don't believe I should be including that leading SteamID in the ticket I return.