minecraft-auth - npm Package Compare versions

Comparing version 2.0.6 to 2.0.7

dist/MicrosoftAuth/MicrosoftAccount.d.ts

@@ -0,1 +1,2 @@
+import { PKCEPairType } from "../types";
 import { Account } from "../Account";
@@ -7,4 +8,4 @@ export declare class MicrosoftAccount extends Account {
     refresh(): Promise<string>;
-    authFlow(authCode: string): Promise<string>;
+    authFlow(authCode: string, PKCEPair: PKCEPairType): Promise<string>;
     use(): Promise<string | undefined>;
 }

dist/MicrosoftAuth/MicrosoftAccount.js

@@ -43,5 +43,5 @@ "use strict";
     }
-    async authFlow(authCode) {
+    async authFlow(authCode, PKCEPair) {
         this.authCode = authCode;
-        let resp = await MicrosoftAuth.authFlow(this.authCode);
+        let resp = await MicrosoftAuth.authFlow(this.authCode, PKCEPair);
         this.refreshToken = resp.refresh_token;
@@ -48,0 +48,0 @@ this.accessToken = resp.access_token;

dist/MicrosoftAuth/MicrosoftAuth.d.ts

 import { MCTokenResponse, MSConfigType, ServerConfigType, TokenResponse, XBLResponse, XSTSResponse } from "./MicrosoftAuth.types";
+import { PKCEPairType } from "../types";
 export declare function setup(_config: Partial<MSConfigType>): void;
 export declare function listenForCode(_serverConfig?: Partial<ServerConfigType>): Promise<string>;
-export declare function createUrl(): string;
-export declare function getToken(authCode: string): Promise<TokenResponse>;
+export declare function generatePKCEPair(): PKCEPairType;
+export declare function createUrl(PKCEPair?: PKCEPairType): string;
+export declare function getToken(authCode: string, PKCEPair?: PKCEPairType): Promise<TokenResponse>;
 export declare function getTokenRefresh(refreshToken: string): Promise<TokenResponse>;
@@ -10,3 +12,3 @@ export declare function authXBL(accessToken: string): Promise<XBLResponse>;
 export declare function getMinecraftToken(xstsToken: string, uhs: string): Promise<MCTokenResponse>;
-export declare function authFlow(authCode: string): Promise<{
+export declare function authFlow(authCode: string, PKCEPair?: PKCEPairType): Promise<{
     access_token: string;
@@ -13,0 +15,0 @@ refresh_token: string;

dist/MicrosoftAuth/MicrosoftAuth.js

@@ -6,6 +6,7 @@ "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.authFlowXBL = exports.authFlowRefresh = exports.authFlow = exports.getMinecraftToken = exports.authXSTS = exports.authXBL = exports.getTokenRefresh = exports.getToken = exports.createUrl = exports.listenForCode = exports.setup = void 0;
+exports.authFlowXBL = exports.authFlowRefresh = exports.authFlow = exports.getMinecraftToken = exports.authXSTS = exports.authXBL = exports.getTokenRefresh = exports.getToken = exports.createUrl = exports.generatePKCEPair = exports.listenForCode = exports.setup = void 0;
 const http_1 = __importDefault(require("http"));
 const http_client_methods_1 = require("http-client-methods");
 const types_1 = require("../types");
+const node_crypto_1 = require("node:crypto");
 let config = {
@@ -108,3 +109,3 @@ scope: "XboxLive.signin offline_access",
                     res.writeHead(200);
-                    res.end(createUrl());
+                    res.end(createUrl(serverConfig.pkcePair));
                     break;
@@ -119,3 +120,3 @@ case '/close':
                     res.writeHead(302, {
-                        Location: createUrl(),
+                        Location: createUrl(serverConfig.pkcePair),
                     });
@@ -126,3 +127,3 @@ res.end();
                     res.writeHead(302, {
-                        Location: createUrl(),
+                        Location: createUrl(serverConfig.pkcePair),
                     });
@@ -142,13 +143,26 @@ res.end();
 exports.listenForCode = listenForCode;
-function createUrl() {
+function generatePKCEPair() {
+    const NUM_OF_BYTES = 32;
+    const HASH_ALG = "sha256";
+    const randomVerifier = (0, node_crypto_1.randomBytes)(NUM_OF_BYTES).toString('hex');
+    const hash = (0, node_crypto_1.createHash)(HASH_ALG).update(randomVerifier).digest('base64');
+    const challenge = hash.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, ''); // Clean base64 to make it URL safe
+    return { verifier: randomVerifier, challenge };
+}
+exports.generatePKCEPair = generatePKCEPair;
+function createUrl(PKCEPair) {
     let encodedID = encodeURIComponent(config.appID ?? "");
     let encodedUrl = encodeURIComponent(config.redirectURL);
     let encodedScope = encodeURIComponent(config.scope);
-    return `https://login.live.com/oauth20_authorize.srf?client_id=${encodedID}&response_type=code&redirect_uri=${encodedUrl}&scope=${encodedScope}`;
+    if (PKCEPair) {
+        let encodedChallenge = encodeURIComponent(PKCEPair.challenge);
+        return `https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=${encodedID}&response_type=code&redirect_uri=${encodedUrl}&scope=${encodedScope}&code_challenge=${encodedChallenge}&code_challenge_method=S256`;
+    }
+    return `https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=${encodedID}&response_type=code&redirect_uri=${encodedUrl}&scope=${encodedScope}`;
 }
 exports.createUrl = createUrl;
-async function getToken(authCode) {
+async function getToken(authCode, PKCEPair) {
     let encodedID = encodeURIComponent(config.appID);
     let encodedUrl = encodeURIComponent(config.redirectURL);
-    let url = 'https://login.live.com/oauth20_token.srf';
+    let url = 'https://login.microsoftonline.com/consumers/oauth2/v2.0/token';
     let body = `client_id=${encodedID}&code=${authCode}&grant_type=authorization_code&redirect_uri=${encodedUrl}`;
@@ -163,3 +177,7 @@ if (config.mode === "Web") {
     }
-    let response = await (0, http_client_methods_1.HttpPost)(url, body, { "Content-Type": "application/x-www-form-urlencoded" });
+    if (PKCEPair) {
+        let encodedVerifier = encodeURIComponent(PKCEPair.verifier);
+        body += `&code_verifier=${encodedVerifier}&code_challenge_method=S256`;
+    }
+    let response = await (0, http_client_methods_1.HttpPost)(url, body, { "Content-Type": "application/x-www-form-urlencoded", "Origin": config.redirectURL });
     let jsonResponse = JSON.parse(response);
@@ -186,2 +204,3 @@ if (jsonResponse.error) {
     const response = await (0, http_client_methods_1.HttpPost)(url, body, {
+        "Origin": config.redirectURL,
         'Content-Type': 'application/x-www-form-urlencoded',
@@ -243,7 +262,10 @@ });
     const jsonResponse = JSON.parse(response);
+    if (jsonResponse.errorMessage) {
+        throw new types_1.AuthenticationError("Error when getting minecraft token", jsonResponse.errorMessage, jsonResponse.path);
+    }
     return jsonResponse;
 }
 exports.getMinecraftToken = getMinecraftToken;
-async function authFlow(authCode) {
-    const tokenRes = await getToken(authCode);
+async function authFlow(authCode, PKCEPair) {
+    const tokenRes = await getToken(authCode, PKCEPair);
     return await authFlowXBL(tokenRes.access_token, tokenRes.refresh_token);
@@ -250,0 +272,0 @@ }

dist/MicrosoftAuth/MicrosoftAuth.types.d.ts

 /// <reference types="node" />
+import { PKCEPairType } from "../types";
 export type MSConfigType = {
@@ -18,2 +19,3 @@ appID: string;
     oncode?: (code: string) => any;
+    pkcePair?: PKCEPairType;
 };
@@ -38,2 +40,4 @@ export type TokenResponse = {
     expires_in: 86400;
+    path: string;
+    errorMessage: string;
 };
@@ -40,0 +44,0 @@ export type XBLResponse = {

dist/types.d.ts

@@ -17,1 +17,5 @@ /// <reference types="node" />
 }
+export type PKCEPairType = {
+    verifier: string;
+    challenge: string;
+};

package.json

 {
   "name": "minecraft-auth",
-  "version": "2.0.6",
+  "version": "2.0.7",
   "description": "Package to authenticate with minecraft using traditional yggdrasil, new microsoft authentication and non-premium.",
@@ -5,0 +5,0 @@ "main": "dist/index.js",

No alert changes

Improved metrics

Total package byte prevSize

76352

increased by4.08%

Lines of code

1187

increased by2.86%

No dependency changes