-
-
Notifications
You must be signed in to change notification settings - Fork 386
Adding Steam to Aegis using the 'steam' Python library
One of likely many ways to get your Steam second-factor into Aegis. Also see https://github.com/beemdevelopment/Aegis/wiki/Adding-Steam-to-Aegis-from-Steam-Desktop-Authenticator
This might be a good method for you if you are comfortable on the command line. The following steps assume that you have a working Python 3 installation on Linux (though the steps are largely platform-independent. If you can install the needed programs, it should be fine).
This method will allow you to use the Steam app while also having the raw secret data that can be loaded into Aegis. The best of both worlds!
steamctl
and itsauthenticator
subcommand here on GitHub may be easier than this process and achieve similar results.
- Install the steam package and dependencies with
pip install steam google-api-python-client
. If you want to avoid typing long strings into Aegis, also feel free to grab qrcode. Feel free to use a virtual environment if you don't want these programs and dependencies persisting on your system. - If you have an existing "Mobile Authenticator" configured, you will need to disable it to follow along. Some words on how to do so in the Steam app can be found here
- If your Steam account doesn't have a phone number, you will need to add and verify one before following along. If the previous step applied to you, this one probably doesn't (as you already have a phone number associated with your Steam account if you already had a Mobile Authenticator set up).
Run python3
at your terminal to start a REPL/interactive Python interpreter. Type in the the following lines one at a time (no need to enter the comments, which are everything from the #
character onward), pressing enter after each line. No output is a good sign.
from steam.webauth import MobileWebAuth # See https://steam.readthedocs.io/en/stable/api/steam.webauth.html
from steam.guard import SteamAuthenticator # See https://steam.readthedocs.io/en/stable/api/steam.guard.html
import json # For saving your authenticator details/secrets as a json file
In the next line, substitute YOUR-USERNAME-HERE
below for your actual Steam account name, the one that you use to log in to Steam.
session = MobileWebAuth('YOUR-USERNAME-HERE') # Enter your username, keep the quotes
session.cli_login() # Will walk you through the login process interactively
authenticator = SteamAuthenticator(backend=session) # We are using this to do Steam Authenticator stuff using our just-established login/session
authenticator.add() # This will result in an text being sent to your phone with a verification code
The authenticator that you have just "added" isn't really added yet. It needs to be confirmed/finalized first. You have two options for doing that. Which option you choose depends on how you answer the following question.
Do you want to use Steam Guard in the Steam mobile app?
Note If not, you may not be able to confirm trade offers (effectively preventing you from trading at all)
If you want to use Steam Guard in the Steam mobile app as well, you will need to continue setup there. Leave your terminal open as we aren't quite done with it.
After you click "Add Authenticator" in the Steam app, it will ask you to enter the code that was sent to your phone. You should have received a code when you did the previous step, the authenticator.add()
call. Use that code.
Warning If you get a new text code (or the Steam app doesn't accept your original text code), the authenticator that you set up in the terminal won't match the one being set up in the Steam app. Go down to the Troubleshooting section and follow the steps detailed under "The authenticator in my Steam app doesn't match the one I generated."
If the Steam app accepts the text code you originally received, that is a good sign.
Now, The Steam app should be showing you a six character code that starts with an R
followed by 5 numbers. This is your revocation code. Before you worry about putting it somewhere safe, verify that the revocation code presented by the Steam app matches the one you generated in the Python interpreter. You can check that revocation code by running the following in your Python interpreter:
authenticator.secrets["revocation_code"]
If the two codes match, great! Carry on (and skip the "No"
section below).
If the two codes don't match, go down to the Troubleshooting section and follow the steps detailed under "The authenticator in my Steam app doesn't match the one I generated."
If you want to be extra sure that the authenticator is active, you can optionally run the following line in the Python interpreter:
authenticator.status()
The output should look something like below if everything worked as intended:
{'state': 1, 'inactivation_reason': 0, 'authenticator_type': 1, 'authenticator_allowed': True, 'steamguard_scheme': 2, 'token_gid': 'XXXXXXXXXXXXXXXX', 'email_validated': True, 'device_identifier': 'android:XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX', 'time_created': 1627450000, 'revocation_attempts_remaining': 5, 'classified_agent': 'other', 'allow_external_authenticator': False}
If it didn't work, it will probably look something like this:
{'state': 0, 'authenticator_allowed': True, 'steamguard_scheme': 1, 'email_validated': True, 'allow_external_authenticator': False}
If you don't want to use Steam Guard in the Steam mobile app (and are okay with the implications of such), you can finalize the authenticator as follows:
Warning If you followed the steps from the above "Yes" section, please skip to the next section,
Saving the Authenticator
authenticator.finalize("YOUR-SMS-CODE")
authenticator.status()
The output should look something like below if everything worked as intended:
{'state': 1, 'inactivation_reason': 0, 'authenticator_type': 1, 'authenticator_allowed': True, 'steamguard_scheme': 2, 'token_gid': 'XXXXXXXXXXXXXXXX', 'email_validated': True, 'device_identifier': 'android:XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX', 'time_created': 1627450000, 'revocation_attempts_remaining': 5, 'classified_agent': 'other', 'allow_external_authenticator': False}
If it didn't work, it will probably look something like this:
{'state': 0, 'authenticator_allowed': True, 'steamguard_scheme': 1, 'email_validated': True, 'allow_external_authenticator': False}
Now that your authenticator is active/finalized, it would be wise to save the secret data that forms the basis for your authenticator.
json.dump(authenticator.secrets, open('./steam_auth_secrets.json', 'w'))
After running this, you should find steam_auth_secrets.json in your current working directory.
Warning The file that you just saved is your "authenticator" Treat this file as you would a password/passphrase or any other sensitive digital data. In more specific terms, keep the file somewhere where it will be sufficiently safe from loss and from others. Notably, this file includes your
recovation_code
that can be used to disable the authenticator and theuri
/shared_secret
that can be used to generate Steam Guard codes (e.g., by adding it to Aegis).
At this point, you can add your Steam authenticator to Aegis.
In your Python interpreter, run:
authenticator.secrets["uri"]
(or, open the JSON file that you saved in the previous section and look for the uri
key)
and copy the value without the quotes (or you can remove them before you run the command to generate the QR code)
In a separate terminal (leave your Python interpreter running), run the following: qr "PASTE-YOUR-URI-HERE" > qr.png
Now, just open the image using your preferred image viewer, scan it with Aegis, and make sure you change the type from TOTP to Steam.
Aegis should be generating Steam Guard codes now! Let's make sure they are correct. Back in your Python interpreter, run:
authenticator.get_code()
The code generated in the Python interpreter should match what is shown in Aegis and (if applicable) what is shown in the Steam mobile app.
- If so, great! You are done!
- If not, something has gone wrong.
- If Aegis is generating a fully numerical one-time password, go and change its type from "TOTP" to "Steam" and try this line again to see if the output of get_code() and Aegis match.
If all has gone well, you have:
- created a Steam authenticator
- finalized (either via the Steam app or via
authenticator.finalize()
) the authenticator - saved the details of your authenticator as a JSON file
- and added the authenticator to Aegis
👏
Solution: Fear not! You don't even need to start from scratch if you still have your Python interpreter running from your initial attempt.
All that happened most likely was that too much time elapsed between running authenticator.add()
(which starts the process w/ Steam, results in you receiving a text verification code) and trying to configure
Run authenticator.remove()
, followed by another authenticator.add()
and continue on from Finalizing the Authenticator
.
>>> from steam.guard import SteamAuthenticator
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "python/3.9.12/lib/python3.9/site-packages/steam/guard.py", line 61, in <module>
from steam.utils.proto import proto_to_dict
File "python/3.9.12/lib/python3.9/site-packages/steam/utils/proto.py", line 4, in <module>
from google.protobuf.message import Message as _ProtoMessageType
ModuleNotFoundError: No module named 'google'
Solution: Double-check that you have installed the google-api-python-client package. It won't hurt to run pip install --upgrade google-api-python-client
again.
Q: Something went wrong! What do I do?
A: In no particular order, you could:
- re-read the instructions to see if you missed anything
- try the process starting from scratch
- read the API docs for the
steam
package- read other pages on this GitHub wiki (there may be a different process that works for you)
- use your favorite search engine to attempt to investigate your specific error
- you could contact the person who wrote this guide (see the next section).
Q: Something about this section is (confusing/could be improved/didn't work/locked me out of my account/etc.). Who (originally) wrote this guide? Can I contact them?
A: That would be @ChanceHarrison. Anyone can edit this wiki page though (and should feel encouraged to do). If you have feedback relevant to this guide (and don't want to make the changes yourself), you could potentially open an issue on the repo and mention/assign me on it to get my attention. If there is interest in automating this process or making it more robust, I'd be eager to hear about it. You can also get in contact with me via Matrix (@chanceharrison:matrix.org).