Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Screenshots endpoint not pulling in the latest content #57

Open
nightsurge opened this issue Apr 30, 2021 · 12 comments
Open

Screenshots endpoint not pulling in the latest content #57

nightsurge opened this issue Apr 30, 2021 · 12 comments

Comments

@nightsurge
Copy link

As of March 13th, Microsoft implemented some sort of changes to their API which now prevents newly captured screenshots from being returned from the mediahub or screenshotsmetadata endpoints. I believe this is all down to changes in their authentication or Signed Requests flow.

Has signed requests been implemented and actually used in this project yet? Or has anyone had a chance to look into this? I believe the maintainer of XboxReplay-Auth/API has figured out a way to get the latest information, and I know he has posted here in the past as well.

@nightsurge
Copy link
Author

@tuxuser can you clarify how to actually use the request signer in the current examples/flow? I am trying to integrate it, as it's not currently being used, but I think it is needed.

@nightsurge
Copy link
Author

Are there any maintainers that have had a chance to look into this? Is there any guidance on how to use the SignedRequests logic? Sorry for pinging so many people, but I can see this being a huge blocker in the near future if all new content is locked behind AUTH level changes or SignedRequests.

@tuxuser @hunterjm @Nereg @fuyutsuki @JamesTheAwesomeDude @Landcross ?

@James-E-A
Copy link
Contributor

@nightsurge I'm not a maintainer, but I can tell you that the maintainers would appreciate if if you would help us help you on this request/report, such as:

  • links to anybody else talking online (press release, forum thread, git commit, news report, etc.) about this — I'm not seeing anything from that other guy you mentioned
  • just a quick rudimentary example code we can use to get our eyeballs on what's boutta change; I, for one, don't have an XBox, so I can't just make a screenshot at the drop of a hat. Is there any other way to get the necessaries for reproducing this?

@tuxuser
Copy link
Member

tuxuser commented May 9, 2021

It's not really a response that you would like or help the matter much, but current situation is the following:

  • The Request signing implementation was written with the library httpx in mind, because it allows tunneling HTTP requests through some custom serializer (aka. Get URL path, headers and body) and pre-serialize the body so a distinct Signature can be calculated.
  • Currently however, xbox-webapi >v2.0 is utilizing aiohttp which does NOT support that in an easy fashion, so it's not possible to use RequestSigner at this moment.

To see request signing in action, check out the authentication route in https://github.com/OpenXbox/xcloud-python

Cheers

@JamesTheAwesomeDude thanks for hinting the proper direction how issues should be created :) appreciated!

@nightsurge
Copy link
Author

nightsurge commented May 10, 2021

@JamesTheAwesomeDude @tuxuser

For example, when getting the latest screenshots for my gamertag, NightSurgeX2 / xuid = 2674682457276710, the most recent one that appears is either Rocket League or Destiny 2 (depending on the contract version and how weird Xbox API is being that day). However, the REAL most recent screenshot I have is from Outriders, as evidenced when I use the official Xbox mobile app to view my captures. It only shows up on Official apps right now.

I now have hundreds of users reporting this to me, that their recent screenshots are not showing up, so it definitely is widespread, but so far only isolated to Screenshots. I believe the owner of the XboxReplay repo, which has made bugs/contributions to this project in the past, has it working on some new authentication layer that he is using. Perhaps he could shed some light on it for us?

https://github.com/XboxReplay/xboxlive-auth/tree/4.0.0 @Alexis-Bize

@tuxuser
Copy link
Member

tuxuser commented May 11, 2021

@nightsurge
The code is there, look for something called auth - https://github.com/OpenXbox/xcloud-python

@Alexis-Bize
Copy link

Alexis-Bize commented May 13, 2021

👋 Right, xcloud-python has the correct scheme :) As said, I'm not sure that divulging the signing procedure is right as It may have a negative impact regarding user's security (or targeted games) if it's coupled with a custom Azure application on a non verified / partner website. My 2 cents though.

@nightsurge
Copy link
Author

@Alexis-Bize I was able to get signing routine figured out, but it does appear that signing isn't the only piece. I also need to add the new overall authentication flow and I can't get past the part of requiring a manual entry and the auth via the browser. Has anyone figured out how to do this auth flow using their own Azure app config and get the updated auth tokens using Device, Title, and User/Access token when getting the final Xbox Live XSTS token?

@Alexis-Bize
Copy link

Alexis-Bize commented Jul 7, 2021

@nightsurge Right, I'm currently using it on HaloDotAPI services (Cryptum, Leaderboards, XUGC, etc.).

Note: The main issue with MediaHub (and *metadata endpoints) is that, even with a "signed" token, you won't be able to fetch other users' screenshots (clips are not impacted at the moment). Only the owner may retrieve them.

There's so many cases to handle so I'm using HaloDotAPI as a POC before implementing everything on XboxReplay.

@nightsurge
Copy link
Author

@Alexis-Bize can we continue this conversation on Twitter DM, or can you send me your email/discord or something so we can chat further. I'm really interested to see the flow you used in order to get user sign on working.

I am aware of the issue with only the users' content being returned using the new auth/token, but that should not be a problem in my app/scenarios I am looking at going forward. I do have a verified Azure app and have many contacts within Microsoft/Xbox, but unfortunately none in the right place to find answers on these auth changes haha...

@nightsurge
Copy link
Author

Is this resolved now?

@tuxuser
Copy link
Member

tuxuser commented Nov 18, 2022

No, not yet.

  • Needs to be tested whether the XAL tokens enable more results from the endpoints
  • XboxLiveClient / Session instances need to be abstracted, to be created from Sisu/XAL tokens

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants