Use of refresh token and cookie.

[yeqwer]

Is it possible to login to steam using only refresh token or cookie? :D

[somespecialone]

username, password and shared_secret args required only to do login process. Fact that you do have a cookie means that you already logged in, therefore access token (steamLoginSecure cookie) can be expired already.

Try to pass an empty string to client init, access_token as normal from your cookie (or update client session cookies with func from utils) and then check session_is_alive. If True, you can do what you intend to. Steam can issue new access token underneath with first request.

If not, well, you need a username and password and shared_secret to login, similar as you try to login in web browser. It is not possible to login only via refresh token, just because I can't comprehend things there.

As far as I understand, refresh token intended to use with/within mobile device login process, which not implemented in aiosteampy.

[yeqwer]

Thanks for the reply!

I have already made the changes and I am able to log in using only refresh_token or cookies (steamLoginSecure and sessionid).
refresh_token is only needed to update access_token, which in turn forms steamLoginSecure (it's really just steam_id + access_token).

So I update access_token using the node.js module steam-session.
If I had more direct hands, I would make a PR, but I can help people with similar problem now.

[somespecialone]

Nice! Can you explain to me how things work in steam-session then? How and where refresh token used?

[yeqwer]

`index.js`

import { LoginSession, EAuthTokenPlatformType } from "steam-session";

let session = new LoginSession(EAuthTokenPlatformType.MobileApp);
session.refreshToken = "xxxxxxxx";

let cookies = await session.getWebCookies();
console.log(cookies);  //this is where we get the login cookie 

I think it can be done more nicely and intelligently, but this session update solution works well.
This example is in the steam-session documentation

[yeqwer]

I also understood that refresh_token is done separately for each platform. Since I login by qr code, I have EAuthTokenPlatformType.MobileApp platform. For a web session, you should use EAuthTokenPlatformType.WebBrowser