Skip to content

v4 → v5 migration guide

Jump to bottom
DoctorMcKay edited this page Feb 14, 2024 · 7 revisions

v5 release notes
v5 pull request

This document lists all breaking changes present in steam-user v5, and what you should do to modernize your code.

Now requires Node.js v14 or later (up from v8)

Upgrade your Node.js runtime to at least version 14.0.0.

Removed deprecated methods

setSentry()

Sentry files are no longer used for authentication. To avoid needing to supply an email Steam Guard code every time you log on, either store and use a refresh token or store and use a machine auth token.

Using Refresh Tokens

The first time you log on with your username and password to an account that's using email-based Steam Guard, you will need to supply an email code using the authCode option to logOn(), by listening for the steamGuard event, or by entering it into stdin when prompted (which only happens if no event listeners are attached to the steamGuard event). Once successfully logged on, the refreshToken event will be emitted, which gives you a refresh token that you can use for subsequent calls to logOn().

If you enable the renewRefreshTokens option, then steam-user will automatically attempt to renew your refresh token before it expires.

import SteamUser from 'steam-user';
import {readFileSync, writeFileSync} from 'fs';

let user = new SteamUser({renewRefreshTokens: true});
let logOnOptions = {};

// If we have a refresh token saved, use that
try {
    let refreshToken = readFileSync('refresh_token.txt').toString('utf8').trim();
    logOnOptions = {refreshToken};
} catch (ex) {
    console.log('No refresh token saved. Logging on with account name and password.');
    logOnOptions = {
        accountName: 'my_account_name',
        password: 'my_p4$$w0rd'
    };
}

user.logOn(logOnOptions);
user.on('loggedOn', function() {
    console.log(`Logged on to Steam as ${this.steamID}`);
});

user.on('refreshToken', function(token) {
    console.log('Got new refresh token');
    writeFileSync('refresh_token.txt', token);
});

Using Machine Auth Tokens

Just like in prior versions of steam-user, the module will automatically save machine auth tokens to your disk and use them for subsequent login attempts. If you want to disable this behavior and manage your machine auth tokens manually, set the dataDirectory option to null.

The first time you log on with your username and password to an account that's using email-based Steam Guard, you will need to supply an email code using the authCode option to logOn(), by listening for the steamGuard event, or by entering it into stdin when prompted (which only happens if no event listeners are attached to the steamGuard event). Once successfully logged on, the machineAuthToken event will be emitted, which gives you a machine auth token that you can use for subsequent calls to logOn().

import SteamUser from 'steam-user';
import {readFileSync, writeFileSync} from 'fs';

let user = new SteamUser({dataDirectory: null});

// If we have a machine auth token saved, use that
let machineAuthToken = null;
try {
    machineAuthToken = readFileSync('machine_auth_token.txt').toString('utf8').trim();
} catch (ex) {
    console.log('No machine auth token saved.');
}

user.logOn({
    accountName: 'my_account_name',
    password: 'my_p4$$w0rd',
    machineAuthToken
});

user.on('loggedOn', function() {
    console.log(`Logged on to Steam as ${this.steamID}`);
});

user.on('machineAuthToken', function(token) {
    console.log('Got new machine auth token');
    writeFileSync('machine_auth_token.txt', token);
});

Removed deprecated events

sentry

Use machineAuthToken, as described above.

Removed deprecated login key functionality

Use refresh tokens, as described above.

In March 2023, Steam stopped issuing new login keys (since they aren't used with the new auth system). In v4.28.0, steam-user started fetching refresh tokens when you passed rememberPassword: true in logOn(). Those refresh tokens were then passed to the loginKey event as if they were login keys, in order to allow old consumer apps that relied on login keys to keep working.

If you're presently using login keys, you should be able to modernize by simply making five changes:

  1. Enable the renewRefreshTokens option
  2. Rename the loginKey event to refreshToken
  3. Rename the loginKey prop in logOn() to refreshToken
  4. Remove the accountName prop in logOn() when using a refresh token
    • The old system of login keys required that you pass an account name when using a login key. With refresh tokens, it is instead required that you do not pass an account name.
  5. Remove the rememberPassword prop in logOn()
    • This option has been removed. Refresh tokens are always used when logging on.

Removed legacy authentication

Modern authentication covers all use-cases, and the API works the same between the two auth schemes.

Clone this wiki locally