【Question title】: Can't authenticate user through XboxLive 400: Bad Request
【Posted】: 2022-10-30 09:47:41
【Question description】:

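I'm trying to authenticate a user through XboxLive, but I ran into some trouble while following this article: I can't get past the first step, it always returns 400: Bad Request. I did some digging, and some people say to put d= before the accessToken, but that didn't help.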

public void getXboxLiveToken() throws IOException {
    // fetch the Microsoft access token first if it is not cached yet
    if (this.accessTokenJson == null) getAccessToken();

    Header[] headers = new Header[2];
    headers[0] = applicationJsonContentTypeHeader;
    headers[1] = applicationAcceptJsonHeader;

    HttpPost httpPost = new HttpPost(SIGNIN_XBL_URL);
    httpPost.setHeaders(headers);

    // serialize the request body (see the JSON below) with Gson
    String jsonString = this.gson.toJson(new SignIntoXBLJson(this.accessTokenJson.getAccessToken()));
    StringEntity requestEntity = new StringEntity(jsonString, ContentType.APPLICATION_JSON);
    httpPost.setEntity(requestEntity);

    // send the request and print the status line and the raw response body
    try (CloseableHttpResponse response = httpClient.execute(httpPost)) {
        byte[] responseBytes = response.getEntity().getContent().readAllBytes();
        System.out.println(response.getStatusLine().getStatusCode() + ": " + response.getStatusLine().getReasonPhrase());
        System.out.println(new String(responseBytes));
    }
}

json

{
    "Properties": {
        "AuthMethod": "RPS",
        "SiteName": "user.auth.xboxlive.com",
        "RspTicket": "d=<Access Token>"
    },
    "ReplyingParty": "http://auth.xboxlive.com",
    "TokenType": "JWT"
}

【Question discussion】:

    Tags: java msal xbox xbox-live


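    【Solution 1】:

    It took me some time to figure out too, but I eventually found this article: Mojang API Documentation, which sums it up well.

    The request needs to be a 'POST' to the URL https://user.auth.xboxlive.com/user/authenticate with the headers: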

    • Content-Type: application/json
    • Accept: application/json

    and have the following body:

    {
        "Properties": {
            "AuthMethod": "RPS",
            "SiteName": "user.auth.xboxlive.com",
            "RpsTicket": "d=ACCESS_TOKEN_HERE" // access token you got from https://login.live.com/oauth20_token.srf
        },
        "RelyingParty": "http://auth.xboxlive.com",
        "TokenType": "JWT"
    }
    

    The result should look similar to this:

    {
        "IssueInstant": "2022-10-30T01:45:49.8093136Z",
        "NotAfter": "2022-11-13T01:45:49.8093136Z",
        "Token": "TOKEN_HERE",
        "DisplayClaims": {
          "xui": [
             {
                "uhs": "USER_HASH"
             }
          ]
        }
    }
    

    The solution I ended up implementing looks like this:

    private String getXboxToken(String access_token) throws IOException {
        HttpResponse<JsonNode> xbox_response = Unirest.post("https://user.auth.xboxlive.com/user/authenticate")
            .header("Content-Type", "application/json")
            .header("Accept", "application/json")
            .body("{" +
                "    \"Properties\": {" +
                "        \"AuthMethod\": \"RPS\"," +
                "        \"SiteName\": \"user.auth.xboxlive.com\"," +
                "        \"RpsTicket\": \"d=" + access_token + "\"" + // token retrieved from https://login.live.com/oauth20_token.srf
                "    }," +
                "    \"RelyingParty\": \"http://auth.xboxlive.com\"," +
                "    \"TokenType\": \"JWT\"" +
                "}")
            .asJson();

        // checks for unsuccessful responses
        if (!xbox_response.isSuccess())
            throw new IOException("Couldn't get xbox token :" + xbox_response.getStatusText());

        // just prints the result
        System.out.println(xbox_response.getBody().toPrettyString());

        JSONObject obj = xbox_response.getBody().getObject();
        return (String) obj.get("Token");
    }
    

    I'm using the Unirest library, which simplifies the code a lot

    【Discussion】:
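Added example (not part of the original question or answer, and not Mojang's or Microsoft's code): it builds the answer's request body with Gson, the library the question already uses, so the token is escaped as a JSON string, and checks key names against the answer's body. Run on a body carrying the question's key names (`RspTicket`, `ReplyingParty`) it reports them as unexpected. The class and method names are hypothetical, the token is a placeholder, and Gson 2.8.6 or later is assumed for `JsonParser.parseString`.

```java
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class XblBodyCheck {
    // Key names taken from the request body shown in the answer above.
    static final Set<String> TOP_KEYS = Set.of("Properties", "RelyingParty", "TokenType");
    static final Set<String> PROP_KEYS = Set.of("AuthMethod", "SiteName", "RpsTicket");

    // Builds the body with Gson so the token is escaped as a JSON string value.
    static JsonObject buildBody(String accessToken) {
        JsonObject props = new JsonObject();
        props.addProperty("AuthMethod", "RPS");
        props.addProperty("SiteName", "user.auth.xboxlive.com");
        props.addProperty("RpsTicket", "d=" + accessToken);
        JsonObject body = new JsonObject();
        body.add("Properties", props);
        body.addProperty("RelyingParty", "http://auth.xboxlive.com");
        body.addProperty("TokenType", "JWT");
        return body;
    }

    // Returns one message per missing or unexpected key; an empty list means the shape matches.
    static List<String> check(JsonObject body) {
        List<String> problems = new ArrayList<>();
        compare("", body.keySet(), TOP_KEYS, problems);
        if (body.has("Properties") && body.get("Properties").isJsonObject()) {
            compare("Properties.", body.getAsJsonObject("Properties").keySet(), PROP_KEYS, problems);
        }
        return problems;
    }

    private static void compare(String prefix, Set<String> actual, Set<String> expected, List<String> out) {
        for (String k : expected) if (!actual.contains(k)) out.add("missing " + prefix + k);
        for (String k : actual) if (!expected.contains(k)) out.add("unexpected " + prefix + k);
    }

    public static void main(String[] args) {
        // Constructed sample: the key names from the question's JSON, with a placeholder token.
        String fromQuestion = "{\"Properties\":{\"AuthMethod\":\"RPS\",\"SiteName\":\"user.auth.xboxlive.com\","
                + "\"RspTicket\":\"d=PLACEHOLDER\"},\"ReplyingParty\":\"http://auth.xboxlive.com\",\"TokenType\":\"JWT\"}";
        System.out.println(check(JsonParser.parseString(fromQuestion).getAsJsonObject()));
        System.out.println(check(buildBody("PLACEHOLDER")));
    }
}
```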
