-
The best thing to do is usually to mimic what Steam does. Assuming nothing has changed since I last tried this, if you wait too long after connecting to a CM without doing something useful, Steam closes the connection with an older, non-protobuf logon response. I assume this is to prevent socket exhaustion or other potential attacks. Polling is required for QR codes or a prompt, because you don't know when the user has taken action on the other device. Asking them to confirm twice feels a bit kludgy to me, and deviates from how Steam behaves, so it wouldn't surprise me that you'd encounter problems going that route.
-
Our old code would simply call the login cmsg with the user and password
again when the user hit a button asking for Steam to resend a code. Would
that approach still work but with the Begin via Credentials auth call? We
could do that if we detect the 2FA expired as well, but it seems like I'm
missing something.
On Sat, May 20, 2023, 10:25 AM Yaakov ***@***.***> wrote:
The best thing to do is usually to mimic what Steam does.
Assuming nothing has changed since I last tried this, if you wait too long
after connecting to a CM without doing something useful, Steam closes the
connection with an older, non-protobuf logon response. I assume this is to
prevent socket exhaustion or other potential attacks.
Polling is required for QR codes or a prompt, because you don't know when
the user has taken action on the other device. Asking them to confirm twice
feels a bit kludgy to me, and deviates from how Steam behaves, so it
wouldn't surprise me that you'd encounter problems going that route.
-
I really do apologize for all the nitty-gritty questions. We're doing alpha testing (essentially, manually fuzz testing our code). If you wait long enough that the mobile/email code expires, roughly 5-6 minutes, the 2FA update succeeds (sends OK), but the poll will error. I was expecting Expired, but instead seem to get FileNotFound. Is there a way to request a new code without trying the login credentials call again?
Additionally, when you wait too long (through testing, roughly after a minute) without polling for the auth state, Steam shuts down the connection with a ClientLogOn Response Message, and the EResult being TryAnotherCM. Which we can recover from, and after connecting to a new CM, this process repeats until the user finally completes 2FA. I believe we can continue with the 2FA at this point, but we also seem to get invalid authentication related errors on occasion. I don't know if this is something you've encountered or it should always work and our code is bugged somewhere.
We don't poll repeatedly because it's guaranteed to fail until the user actually inputs mobile or email code. Similarly, we just ask the user to hit confirm on our end after confirming in the mobile app if they go that route. Would polling repeatedly prevent the TryAnotherCM?