steam-user
Version:
Steam client for Individual and AnonUser Steam account types
977 lines (679 loc) • 133 kB
Markdown
# SteamUser
### Allows interaction with the Steam network via the Steam client protocol
[](https://npmjs.com/package/steam-user)
[](https://npmjs.com/package/steam-user)
[](https://github.com/DoctorMcKay/node-steam-user/blob/master/LICENSE)
[](https://github.com/sponsors/DoctorMcKay)
SteamUser allows you to communicate with the Steam servers in the same manner as a proper Steam client. It's designed to
be a self-contained module which provides all the functionality expected of a Steam user client.
Node.js v14.0.0 or later is required.
[Subscribe to release announcements](https://github.com/DoctorMcKay/node-steam-user/releases.atom)
**Have a question about the module or coding in general? *Do not create a GitHub issue.* GitHub issues are for feature
requests and bug reports. Instead, post in the [dedicated forum](https://dev.doctormckay.com/forum/7-node-steam-user/). Such issues may be ignored!**
[Upgrading from v4?](https://github.com/DoctorMcKay/node-steam-user/wiki/v4-%E2%86%92-v5-migration-guide)
[Upgrading from v3?](https://github.com/DoctorMcKay/node-steam-user/releases/tag/v4.0.0)
## Installation
Install it from [npm](https://www.npmjs.com/package/steam-user):
$ npm install steam-user
# Contents
- [Patterns](#patterns-)
- [Enums](#enums-)
- [Static Methods](#static-methods-)
- [Options](#options-)
- [Properties](#properties-)
- [Methods](#methods-)
- [Events](#events-)
Some of the documentation for `SteamUser`, especially documentation for experimental features (but not exclusively),
is located in [the GitHub wiki](https://github.com/DoctorMcKay/node-steam-user/wiki).
# Patterns [^](#contents)
There are a number of coding patterns that are repeated throughout `SteamUser`. **Please read this section in its
entirety before starting work with `SteamUser`.**
### Callbacks and Promises
All methods listed in this document that accept a callback also return a `Promise`. You may use either callbacks or
promises.
Legacy callbacks return their data spanning across multiple arguments. All promises (which return any data at all)
return a single object containing one or more properties. The names of these properties for legacy callbacks are the
names of the callback arguments listed in this readme. Newer callbacks return a single object `response` argument, which
is identical to the promise output for that method.
Some methods indicate that their callback is required or optional. **You are never required to use callbacks over
promises**, but if a callback is listed as optional then an unhandled promise rejection will not raise a warning/error.
If a callback is listed as required and you neither supply a callback nor handle the promise rejection, then a
promise rejection will raise a warning, and eventually a crash in a future Node.js release.
# Enums [^](#contents)
There are a lot of enums used in Steam. They're all available directly from `SteamUser`. For example, access `EResult`
using `SteamUser.EResult`.
All enums can be viewed [on GitHub](https://github.com/DoctorMcKay/node-steam-user/tree/master/enums).
Additionally, for convenience, the name of an enum value is available from any enum at the key identified by the enum
value. For example, given an EResult of `88` you can translate it using `SteamUser.EResult[88]` which gives you
the string `TwoFactorCodeMismatch`.
# Static Methods [^](#contents)
Static methods, or functions attached directly to `SteamUser`, are called on the root module and not on instantiated handler instances.
### formatCurrency(amount, currency)
- `amount` - The amount of the currency
- `currency` - The currency code value in the [`ECurrencyCode`](#ecurrencycode) enum
Formats a currency value and returns a string. For example:
```js
console.log(SteamUser.formatCurrency(12.34, SteamUser.ECurrencyCode.USD)); // $12.34
console.log(SteamUser.formatCurrency(12345, SteamUser.ECurrencyCode.JPY)); // ¥ 12345
console.log(SteamUser.formatCurrency(123.45, SteamUser.ECurrencyCode.EUR)); // 123,45€
```
# Options [^](#contents)
There are a number of options which can control the behavior of the `SteamUser` object. They are:
### dataDirectory
Controls where the Steam server list and machine auth token files are written. If `null`, no data will be automatically
stored.
Defaults to a platform-specific user data directory.
- On [OpenShift](https://www.openshift.com), this is `$OPENSHIFT_DATA_DIR/node-steamuser`
- On Windows, this is `%localappdata%\doctormckay\node-steamuser`
- On Mac, this is `~/Library/Application Support/node-steamuser`
- On Linux, this is `$XDG_DATA_HOME/node-steamuser`, or `~/.local/share/node-steamuser` if `$XDG_DATA_HOME` isn't defined or is empty
#### Custom Storage Engine
If you don't want to (or can't) save data to the disk, you can implement your own storage engine. To do this, simply add the following code:
```js
user.storage.on('save', function(filename, contents, callback) {
// filename is the name of the file, as a string
// contents is a Buffer containing the file's contents
// callback is a function which you MUST call on completion or error, with a single error argument
// For example:
someStorageSystem.saveFile(filename, contents, function(err) {
callback(err);
});
});
user.storage.on('read', function(filename, callback) {
// filename is the name of the file, as a string
// callback is a function which you MUST call on completion or error, with an error argument and a Buffer argument
// For example:
someStorageSystem.readFile(filename, function(err, file) {
if(err) {
callback(err);
return;
}
callback(null, file);
});
});
```
In this manner, you can save data to a database, a cloud service, or anything else you choose.
### autoRelogin
A boolean which controls whether or not `SteamUser` will automatically reconnect to Steam if disconnected due to Steam going down.
Defaults to `true`.
### machineIdType
What kind of machine ID will SteamUser send to Steam when logging on? Should be a value from [`EMachineIDType`](https://github.com/DoctorMcKay/node-steam-user/blob/master/resources/EMachineIDType.js).
Added in 1.7.0.
Defaults to `AccountNameGenerated`.
### machineIdFormat
If you're using `machineIdType` `AccountGenerated`, this is the format it uses. This is an array of three strings, each of which will be hashed with SHA1 before being sent to Steam. `{account_name}` will be replaced with the current account name.
Added in 1.13.0.
Defaults to `["SteamUser Hash BB3 {account_name}", "SteamUser Hash FF2 {account_name}", "SteamUser Hash 3B3 {account_name}"]`.
### enablePicsCache
If enabled, then `node-steam-user` will internally cache data in memory about all apps and packages that it knows about.
Currently, `node-steam-user` "knows about" an app/package if:
- Packages
- You own it, or
- You request info about it via `getProductInfo`
- Apps
- It's in a known package, or
- You request info about it via `getProductInfo`, or
- A friend who is online plays the app, or
- You request info about an online user who is playing it via `getPersonas`
This option is required in order to use several methods and events. This works when logging in anonymously.
Added in 3.3.0.
Defaults to `false`.
### picsCacheAll
If `picsCacheAll` is enabled, `enablePicsCache` is enabled, and `changelistUpdateInterval` is nonzero, then apps and
packages which get updated while your bot is running will also be added to the cache. Default behavior is to only cache
apps and packages that are "known" via the above criteria.
Added in 3.3.0.
Defaults to `false`.
### changelistUpdateInterval
If `enablePicsCache` is enabled, then `node-steam-user` will automatically request app/package changes (via
`getProductChanges`) for known apps and packages, and update the internal cache when they update. This is the frequency,
in milliseconds, for changelist update requests. Set to `0` to disable.
Added in 3.3.0.
Defaults to `60000`. Minimum value `1000`, although you're recommended to not go below 10 seconds or so.
### ownershipFilter
Specify a custom app/package ownership filter object or function to be applied to all calls to `getOwned*()` and `owns*()`
where a filter is not specified in the method invocation. If you specify a `filter` when you call `getOwned*()` or `owns*()`,
then that filter is applied and the global `ownershipFilter` is ignored.
Added in 4.22.0.
Defaults to a filter that excludes expired licenses only.
This filter can be either an object or a function:
#### Filter Object
A filter object should contain zero or more of these properties:
- `excludeFree` - Pass `true` to exclude free licenses (no cost/guest pass/free on demand/free commercial license)
- `excludeShared` - Pass `true` to exclude licenses acquired via [family sharing](https://store.steampowered.com/promotion/familysharing)
- `excludeExpiring` - Pass `true` to exclude licenses that have an expiration date (e.g. free weekends) but are not yet expired
Any omitted properties are assumed to be `false`. If you don't specify an ownership filter, an empty object is assumed.
#### Filter Function
You can also provide your own custom filter function. This function will be called for each license owned by your account,
and should return `true` to include a license or `false` to exclude it. This function should have the same arguments
as the callback you'd pass to [Array.prototype.filter](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/filter).
The `element` argument will be an object of type
[Proto_CMsgClientLicenseList_License](https://github.com/DoctorMcKay/node-steam-user/blob/9312326c34fed69a2ea6c4102ed25e3073f0516d/protobufs/generated/_types.js#L9755-L9775)
(same as the [`licenses`](#licenses) property).
Please note that when you specify a custom filter function, expired licenses (e.g. past free weekends) will be sent to
your filter function as candidates for inclusion, but these licenses are filtered out in all other cases. You can determine
if a license is expired by checking `if (license.flags & SteamUser.ELicenseFlags.Expired)`.
Example usage:
```js
user.setOption('ownershipFilter', (license) => {
// only passes licenses that were acquired at least a year ago
let time = Math.floor(Date.now() / 1000);
return time - license.time_created >= 60 * 60 * 24 * 365;
});
```
### additionalHeaders
Set this to an object where keys are header names and values are header values, and those headers will be included
with all HTTP requests `node-steam-user` makes to the Steam WebAPI.
Added in 3.29.0.
Defaults to `{}`.
### localAddress
Pass an IP here (as a string) to bind to that address, or `null` to let the OS decide.
Added in 4.0.0.
Defaults to `null`.
### localPort
Pass a port here to bind to that port, or `null` to let the OS decide.
Added in 4.0.0.
Defaults to `null`.
### httpProxy
Specify a URL here to use an HTTP proxy. For example, `http://user:pass@1.2.3.4:8081`
Added in 4.0.0.
### socksProxy
Specify a URL here to use a SOCKS proxy. SOCKS4, SOCKS4a, and SOCKS5 are supported.
Example: `socks5://x1234567:kNRLnUDG46@proxy-nl.privateinternetaccess.com:1080`
Added in 4.26.0.
### protocol
A value from [`EConnectionProtocol`](https://github.com/DoctorMcKay/node-steam-user/blob/master/resources/EConnectionProtocol.js).
Added in 4.0.0.
Defaults to `Auto`.
### language
Set this to the full name of a language (e.g. "english" or "spanish") to localize specific things within steam-user.
Currently this is only used to localize `rich_presence_string` in [`user`](#user) event data and in `requestRichPresence`.
Added in 4.0.0.
Defaults to `english`.
### webCompatibilityMode
If you're having trouble connecting to Steam (e.g. through a firewall or a proxy), set this to `true`. When in web
compatibility mode, connections to Steam will always use WebSockets (the `protocol` option will be ignored, and you
will get a warning if you set it to `TCP`), and only Steam servers listening on port 443 will be considered.
Added in 4.6.0.
Defaults to `false`.
### saveAppTickets
If true, then calls to [`getAppOwnershipTicket`](https://github.com/DoctorMcKay/node-steam-user/wiki/Steam-App-Auth#getappownershipticketappid-callback)
will save ownership tickets to disk and will return cached tickets unless they are expired.
Added in 3.5.0.
Defaults to `true`.
### renewRefreshTokens
If true, then `SteamUser` will attempt to renew your refresh token every time you call [`logOn()`](#logondetails) by
passing a refresh token. If renewal succeeds, the [`refreshToken`](#refreshtoken) event will be emitted, and the refresh
token you used to log on will become invalid.
Added in 5.0.0.
Defaults to `false`.
# Properties [^](#contents)
### steamID
`null` if not connected, a [`SteamID`](https://www.npmjs.com/package/steamid) containing your SteamID otherwise.
### options
An object containing options for this `SteamUser`. **Read-only**; use `setOption` or `setOptions` to change an option.
### publicIP
**v1.12.0 or later is required to use this property**
Only defined if you're currently logged on. This is your public IP as reported by Steam, in "x.x.x.x" format.
### cellID
**v1.12.0 or later is required to use this property**
Only defined if you're currently logged on. This is your cell (region ID) on the Steam network.
### vanityURL
**v3.7.0 or later is required to use this property**
Only defined if you're currently logged on. This is your vanity URL (the part that goes after `/id/` in your profile
URL). Falsy if you don't have one.
### accountInfo
An object containing information about your account. `null` until [`accountInfo`](#accountinfo-1) is emitted.
- `name` - Your account's Steam (persona) name
- `country` - The country code from which you're logging in (via GeoIP), e.g. "US"
- `authedMachines` - How many machines are authorized to login to your account with Steam Guard
- `flags` - Your account's bitwise [flags](https://github.com/SteamRE/SteamKit/blob/b80cdf5249891d54c655e39262d8267c7b40b249/Resources/SteamLanguage/enums.steamd#L81-L113)
- `facebookID` - If your account is linked with Facebook, this is your Facebook account ID
- `facebookName` - If your account is linked with Facebook, this is your (real) name on Facebook
### emailInfo
An object containing information about your account's email address. `null` until [`emailInfo`](#emailinfo-1) is emitted.
- `address` - Your email address
- `validated` - `true` if your email is validated, `false` if not
### limitations
An object containing information about your account's limitations. `null` until [`accountLimitations`](#accountlimitations) is emitted.
- `limited` - `true` if your account is [limited](https://support.steampowered.com/kb_article.php?ref=3330-IAGK-7663), `false` if not
- `communityBanned` - `true` if your account is banned from Steam Community, `false` if not
- `locked` - `true` if your account is [locked](https://support.steampowered.com/kb_article.php?ref=6416-FHVM-3982), `false` if not (accounts can also be locked by Support)
- `canInviteFriends` - `true` if your account can invite friends, `false` if not
### vac
An object containing information about your account's VAC bans. `null` until [`vacBans`](#vacbans) is emitted.
- `numBans` - How many bans are registered on your account
- `appids` - An array of AppIDs from which you're banned. Since each ban affects a range of AppIDs, some of the AppIDs in this array may not exist.
### wallet
An object containing information about your Steam Wallet. `null` until [`wallet`](#wallet-1) is emitted.
- `hasWallet` - `true` if your account has a Steam Wallet, `false` if not
- `currency` - The currency ID of your account's wallet (the enum of currencies is available as `SteamUser.ECurrencyCode`)
- `balance` - Your account's current wallet balance
### licenses
An array containing license data for the packages which your Steam account owns. `null` until [`licenses`](#licenses-1) is emitted.
### gifts
An array containing gifts and guest passes you've received but haven't accepted (to your library or to your inventory) or declined.
`null` until [`gifts`](#gifts-1) is emitted. Each object in the array contains these properties:
- `gid` - The ID of this gift/guest pass, as a string (it's a 64-bit number)
- `packageid` - The ID of the package which this gift/guest pass will grant
- `TimeCreated` - A `Date` object for when this gift was purchased or guest pass was granted
- `TimeExpiration` - A `Date` object for when this guest pass will expire (if it's a gift, this will be Mon Jan 18 2038 22:14:07 GMT-0500 (Eastern Standard Time))
- `TimeSent` - A `Date` object for when this gift/guest pass was sent to you
- `TimeAcked` - Appears to be the same as `TimeSent`
- `TimeRedeemed` - Appears to always be `null`
- `RecipientAddress` - Appears to always be an empty string
- `SenderAddress` - Appears to always be an empty string
- `SenderName` - The Steam display name of the user who sent you this gift
### users
An object containing persona data about all Steam users we've encountered or requested data for. Key are 64-bit SteamIDs,
and values are identical to the objects received in the [`user`](#user) event.
This property may not be updated unless you set your instance to [online](#setpersonastate-name).
### groups
An object containing information about all Steam groups we've encountered. Keys are 64-bit SteamIDs, and values are
identical to those received in the [`group`](#group) event.
This property may not be updated unless you set your instance to [online](#setpersonastate-name).
### chats
An object containing information about all legacy chat rooms we're in. Keys are 64-bit SteamIDs, values are objects with this structure:
- `name` - The name of the chat, or empty if it's a multi-user chat
- `private` - `true` if only group members can join, `false` if it's open to everyone
- `invisibleToFriends` - `true` if the chat is invisible to friends, `false` if visible (unsure what this means at this time)
- `officersOnlyChat` - `true` if only group officers can chat right now, `false` if everyone can
- `unjoinable` - `true` if the chat can't be joined, `false` if it can (note that this doesn't necessary mean **your** effective access)
- `members` - An object whose keys are 64-bit SteamIDs of users in this chat room, and whose values are objects with this structure:
- `rank` - A value from `EClanRank`
- `permissions` - A bitstring of values in `EChatPermission` for the user's permissions in this chat
### myFriends
An object whose keys are 64-bit SteamIDs, and whose values are values from the `EFriendRelationship` enum. Therefore, you can deduce your friends list from this object.
When we get unfriended, instead of setting the value to `EFriendRelationship.None`, the key is deleted from the object entirely.
This isn't populated after logon until [`friendsList`](#friendslist) is emitted.
### myGroups
An object whose keys are 64-bit SteamIDs, and whose values are from the `EClanRelationship` enum. Therefore, you can deduce which groups you're in from this object.
When we leave a group, instead of setting the value to `EClanRelationship.None`, the key is deleted from the object entirely.
This isn't populated after logon until [`groupList`](#grouplist) is emitted.
### myFriendGroups
**v1.10.0 or later is required to use this property**
An object containing your friend groups (in the official client, these are called *tags*). Keys are numeric group IDs, and objects as follows:
- `name` - A `string` containing the name of the group.
- `members` - An array containing `SteamID` objects for the members of this friend group.
### myNicknames
**v3.15.0 or later is required to use this property**
An object containing the nicknames you have assigned to other users. Keys are numeric 64-bit SteamIDs, properties are strings containing that user's nickname.
This is empty until [`nicknameList`](#nicknamelist) is emitted.
### picsCache
**v3.3.0 or later is required to use this property**
An object containing cached data about known apps and packages. Only useful if the `enablePicsCache` option is `true`.
- `changenumber` - The last known changenumber
- `apps` - An object whose keys are AppIDs and values are objects identical to those returned by `getProductInfo`
- `packages` - An object whose keys are PackageIDs and values are objects identical to those returned by `getProductInfo`
### chat
**v4.0.0 or later is required to use this property**
This is a `SteamChatRoomClient` instance. Use this object to chat with friends and chat rooms.
[Read SteamChatRoomClient docs here.](https://github.com/DoctorMcKay/node-steam-user/wiki/SteamChatRoomClient)
### playingState
**v4.0.0 or later is required to use this property**
An object containing information about your current playing state. This object has these properties:
- `blocked` - `true` if you're blocked from playing a game on this session (because a game is being played on this account using another logon session)
- `appid` - The AppID of the game you're playing, or `0` if you're not playing any game
### packageName
**v4.2.0 or later is required to use this property**
Contains the name of this package. The value is always `"steam-user"`. This allows other modules to verify interoperability.
### packageVersion
**v4.2.0 or later is required to use this property**
Contains the version of this package. For example, `"4.2.0"`. This allows other modules to verify interoperability.
# Methods [^](#contents)
### Constructor(options)
- `options` - An optional object containing zero or more [options](#options-) to set for this `SteamUser`.
Constructs a new `SteamUser`.
Prior to v4.0.0, it was possible to pass a SteamClient instance as the first argument to this constructor. This functionality was removed in v4.0.0. [See the full list of v4 changes.](https://github.com/DoctorMcKay/node-steam-user/releases/tag/v4.0.0)
### setOption(option, value)
- `option` - The name of the option to set
- `value` - The value to set for this option
Changes the value of an [option](#options-).
### setOptions(options)
- `options` - An object containing zero or more [options](#options-).
### logOn([details])
- `details` - An object containing details for this logon
- `anonymous` - Pass `true` if you want to log into an anonymous account, omit or pass `false` if not
- `refreshToken` - A refresh token, [see below](#using-refresh-tokens)
- `accountName` - If logging into a user account, the account's name
- `password` - If logging into an account without a refresh token or web logon token, the account's password
- `machineAuthToken` - If logging into an account that has email Steam Guard using the account name and password,
pass a valid machine auth token to avoid needing to provide an `authCode`. This is only necessary in advanced cases,
as steam-user [will take care of this for you by default](#machine-auth-tokens)
- `webLogonToken` - If logging into an account with a [client logon token obtained from the web](https://github.com/DoctorMcKay/node-steamcommunity/wiki/SteamCommunity#getclientlogontokencallback), this is the token
- `steamID` - If logging into an account with a client logon token obtained from the web, this is your account's SteamID, as a string or a `SteamID` object
- `authCode` - If you have a Steam Guard email code, you can provide it here. You might not need to, see the [`steamGuard`](#steamguard) event. (Added in 1.9.0)
- `twoFactorCode` - If you have a Steam Guard mobile two-factor authentication code, you can provide it here. You might not need to, see the [`steamGuard`](#steamguard) event. (Added in 1.9.0)
- `logonID` - A 32-bit integer to identify this login. The official Steam client derives this from your machine's private IP (it's the `obfuscated_private_ip` field in `CMsgClientLogOn`). If you try to logon twice to the same account from the same public IP with the same `logonID`, the first session will be kicked with reason `SteamUser.EResult.LogonSessionReplaced`. Defaults to `0` if not specified.
- As of v4.13.0, this can also be an IPv4 address as a string, in dotted-decimal notation (e.g. `"192.168.1.5"`)
- `machineName` - A string containing the name of this machine that you want to report to Steam. This will be displayed on steamcommunity.com when you view your games list (when logged in).
- `clientOS` - A [number](https://github.com/DoctorMcKay/node-steam-user/blob/master/enums/EOSType.js) to identify your client OS. Auto-detected if you don't provide one.
**v3.11.0 or later is required to use `machineName`.**
**v4.3.0 or later is required to use `webLogonToken`.**
**v4.25.0 or later is required to use `refreshToken`.**
**v4.29.0 or later is required to use `machineAuthToken`.**
Logs onto Steam. Omit the `details` object if you wish to login to an anonymous user account.
There are five ways to log onto Steam:
- Anonymously
- Pass `anonymous: true` to log onto an anonymous user account
- These properties are optional:
- `machineName`
- `clientOS`
- *All other properties **must not** be provided*
- In versions of steam-user prior to 4.27.0, logging on anonymously was accomplished by simply omitting `refreshToken`
and `accountName` (or omitting the `details` object entirely). If neither property was set then steam-user would
default to logging on anonymously. This is still current behavior, but logging on in this manner is now deprecated.
If you now call `logOn()` without providing a `refreshToken` or `accountName` and without specifying `anonymous: true`,
then steam-user will raise a warning and then log on anonymously.
- Individually using a refresh token **(recommended)**
- These properties are required:
- `refreshToken`
- These properties are optional:
- `steamID` - If provided, steam-user will check to make sure that the provided `refreshToken` matches this SteamID. If SteamIDs don't match, the app will crash.
- `logonID` - Defaults to 0 if not specified.
- `machineName` - Defaults to empty string if not specified.
- `clientOS` - Defaults to an auto-detected value if not specified.
- These properties must not be provided:
- `accountName`
- `password`
- `machineAuthToken`
- `webLogonToken`
- `authCode`
- `twoFactorCode`
- Individually using account name and password
- These properties are required:
- `accountName`
- `password`
- These properties are optional:
- `machineAuthToken` - Specify if you are logged into an account with email Steam Guard and you have a valid machine token
- `authCode` - Specify if you are using an email Steam Guard code.
- `twoFactorCode` - Specify if you are using a TOTP two-factor code (required if your account has 2FA enabled).
- `logonID` - Defaults to 0 if not specified.
- `machineName` - Defaults to empty string if not specified.
- `clientOS` - Defaults to an auto-detected value if not specified.
- These properties must not be provided:
- `webLogonToken`
- `steamID`
- Individually using account name and [client logon token obtained from the web](https://github.com/DoctorMcKay/node-steamcommunity/wiki/SteamCommunity#getclientlogontokencallback) (deprecated)
- **NOTE:** If you log on this way, [`webSession`](#websession) will **NOT** be emitted automatically, and you will need to use [`webLogOn()`](#weblogon) to get a web session.
- These properties are required:
- `accountName`
- `webLogonToken`
- `steamID`
- These properties must not be provided:
- `password`
- `machineAuthToken`
- `authCode`
- `twoFactorCode`
- `logonID`
- `machineName`
- `clientOS`
#### Using Refresh Tokens
The Steam client uses refresh tokens when logging on. You can obtain a refresh token using the
[steam-session module](https://www.npmjs.com/package/steam-session), or you can log on to steam-user using your account name and password as normal. When
logging on using your account name and password, steam-user will internally fetch a refresh token, emit the
[`refreshToken`](#refreshtoken) event, and then use that token to log on to Steam.
As of 2022-09-03, refresh tokens are JWTs that are valid for ~200 days. You can keep using the same refresh token to log
on until it expires. You can find out when a token expires by [decoding it](https://www.npmjs.com/search?q=jwt) and checking
the `exp` property, which is a Unix timestamp indicating when the token expires.
If you attempt to log on using a refresh token that isn't valid for use with client logins, the app will crash with a
relevant error message.
#### Machine Auth Tokens
When using email Steam Guard, *machine auth tokens* are used to remember a device, in order to bypass the requirement to
provide a code every time you login. By default, steam-user will automatically save your machine auth tokens in your
[data directory](#datadirectory), but you can also manage them yourself by listening for the [`machineAuthToken`](#machineauthtoken)
event and providing the token as a `machineAuthToken` property when you log on.
### logOff()
Logs you off of Steam and closes the connection.
### relog()
**v3.18.0 or later is required to use this method**
Logs you off of Steam and then immediately back on. This can only be used if one of the following criteria are met:
- You're logged into an anonymous account
- You're logged into an individual account and you logged in using an account name and password
- You're logged into an individual account and you used a `refreshToken` to log on
Attempts to call this method under any other circumstance will result in an `Error` being thrown and nothing else will happen.
When used, `disconnected` and then `loggedOn` will be emitted in succession. This is essentially the same as using
`logOff()` and then calling `logOn()` immediately in the `disconnected` event callback.
### webLogOn()
`SteamUser` will automatically log onto steamcommunity.com when a successful connection to Steam is established (as an
individual user), but you can call `webLogOn()` to create a new session if your old one expires or becomes invalid.
Listen for the [`webSession`](#websession) event to get your cookies.
### requestValidationEmail([callback])
- `callback` - Optional. Called when a response is available
- `err` - An `Error` object on failure, or `null` on success
Requests Steam to send you a validation email to your registered email address.
### enableTwoFactor(callback)
- `callback` - Required. Called when the activation email or SMS has been sent.
- `err` - An `Error` object on failure, or `null` on success
- `response` - An object containing the response data
**v2.0.0 or later is required to use this method**
Starts the process to turn on TOTP for your account.
If you have a phone number linked with your account, then you'll be sent an SMS with an activation code. Otherwise,
you'll receive the activation code by email. You'll need to provide the activation code to `finalizeTwoFactor`.
**You should save the entire `response` object somewhere secure.** You can use `JSON.stringify` on it safely.
Properties of note in the `response` object:
- `status` - A value from `EResult`. If this is not `OK` (1), then the request failed.
- `shared_secret` - This is your secret that's used for two-factor authentication.
- `identity_secret` - This is your secret that's used for trade confirmation.
- `revocation_code` - You will need this in the future to disable two-factor authentication.
### finalizeTwoFactor(secret, activationCode, callback)
- `secret` - A `Buffer` containing your shared secret
- `activationCode` - A `string` containing the activation code you got in your SMS or email
- `callback` - Required.
- `err` - An `Error` object on failure, or `null` on success
**v2.0.0 or later is required to use this method**
Finishes the process of enabling TOTP two-factor authentication for your account. You can use
[`steam-totp`](https://www.npmjs.com/package/steam-totp) in the future when logging on to get a code.
**If TOTP two-factor authentication is enabled, a code will be required *on every login* unless a refresh token is used.**
### getSteamGuardDetails(callback)
- `callback` - A function to be called when the requested data is available
- `err` - An `Error` object on failure, or `null` on success
- `isSteamGuardEnabled` - `true` if Steam Guard is enabled for your account, `false` if not
- `timestampSteamGuardEnabled` - A `Date` object representing when Steam Guard was enabled for your account, or `null` if not available
- `timestampMachineSteamGuardEnabled` - A `Date` object representing when your current machine was authorized with Steam Guard, or `null` if not available
- `canTrade` - `true` if Steam Guard will allow you to trade, `false` if not. You may still be blocked by a trade ban or another trading limitation.
- `timestampTwoFactorEnabled` - A `Date` object representing when the Steam Guard Mobile Authenticator was enabled for your account, or `null` if not enabled
- `isPhoneVerified` - `true` if your account has a linked phone, `false` if not
**v1.11.0 or later is required to use this method.
v1.12.0 or later is required to use `canTrade`.
v3.3.3 or later is required to use `timestampTwoFactorEnabled`.
v3.5.0 or later is required to use `isPhoneVerified`.**
Requests details about your account's Steam Guard status. This could be used to see if your account passes the Steam Guard trading requirements.
In order to trade, **all** of the following must be true:
- `isSteamGuardEnabled` must be `true` (account-level restriction)
- `timestampSteamGuardEnabled` must be at least 15 days ago (account-level restriction)
- ONE of `timestampMachineSteamGuardEnabled` OR `timestampTwoFactorEnabled` must be at least 7 days ago
### getCredentialChangeTimes(callback)
- `callback` - A function to be called when the requested data is available
- `err` - An `Error` object on failure, or `null` on success
- `timestampLastPasswordChange` - A `Date` object representing when your password was last changed, or `null` if never changed
- `timestampLastPasswordReset` - A `Date` object representing when your password was last *reset* via the "forgot your password" utility, or `null` if never reset
- `timestampLastEmailChange` - A `Date` object representing when your email address was last changed, or `null` if never changed
**v3.10.0 or later is required to use this method**
Gets when you last changed various account credentials.
### getAuthSecret(callback)
- `callback` - A function to be called when the requested data is available
- `err` - An `Error` object on failure, or `null` on success
- `secretID` - A numeric ID assigned to your key by Steam
- `key` - Your account's "auth secret", as a `Buffer`
**v3.10.0 or later is required to use this method**
Gets your account's auth secret, which is the pre-shared key used for in-home streaming.
### getPrivacySettings(callback)
- `callback` - A function to be called when the requested data is available
- `err` - An `Error` object on failure, or `null` on success
- `response` - The response object
- `privacy_state` - The [privacy state](https://github.com/DoctorMcKay/node-steam-user/blob/master/resources/EPrivacyState.js) of your profile
- `privacy_state_inventory` - The [privacy state](https://github.com/DoctorMcKay/node-steam-user/blob/master/resources/EPrivacyState.js) of your Steam inventory
- `privacy_state_gifts` - The [privacy state](https://github.com/DoctorMcKay/node-steam-user/blob/master/resources/EPrivacyState.js) of your Steam gift inventory
- `privacy_state_ownedgames` - The [privacy state](https://github.com/DoctorMcKay/node-steam-user/blob/master/resources/EPrivacyState.js) of your owned games list
- `privacy_state_playtime` - The [privacy state](https://github.com/DoctorMcKay/node-steam-user/blob/master/resources/EPrivacyState.js) of your game playtime
- `privacy_state_friendslist` - The [privacy state](https://github.com/DoctorMcKay/node-steam-user/blob/master/resources/EPrivacyState.js) of your friends list
**v4.11.0 or later is required to use this method**
Retrieves your account's privacy settings. You can't change your privacy state using steam-user; you'll need to use
[steamcommunity](https://github.com/DoctorMcKay/node-steamcommunity/wiki/SteamCommunity#profilesettingssettings-callback).
### kickPlayingSession([callback])
- `callback` - Optional. A function to be called once Steam receives and responds to this request.
- `err` - An `Error` object on failure, or `null` on success
- `response` - The response object
- `playingApp` - This is the AppID of the game that was being played elsewhere
**v3.21.0 or later is required to use this method**
**v4.22.0 or later is required to read `playingApp` in the callback**
If this account is being used to play a game on another logon session, calling this method will kick that other session
off of Steam entirely (it will get an `error` event if the other session is using node-steam-user).
### gamesPlayed(apps[, force])
- `apps` - An array, object, string, or number (see below)
- `force` - Optional, default `false`. If `true` and this account is playing a game elsewhere, calls `kickPlayingSession` first.
**v3.21.0 or later is required to use `force`**
Reports to Steam that you're playing or using zero or more games/apps. To exit all games/apps, use an empty array `[]`.
To play a single game by AppID, use a single integer (e.g. `440`)
To play a single non-Steam game by name, use a single string (e.g. `"Minecraft"`)
To play a single game by AppID and name (the client-provided name is what is given to the WebAPI and mobile app), use an object of this format:
```json
{
"game_id": 440,
"game_extra_info": "Team Fortress 2"
}
```
You can use multiple apps by providing an array of any mixture of the above formats.
### getPlayerCount(appid, callback)
- `appid` - The AppID of the app for which you'd like the current player/user count (use `0` to get current logged-in Steam user count)
- `callback` - Called when the requested data is available
- `err` - An `Error` object on failure, or `null` on success
- `playerCount` - How many Steam users are currently playing/using the app
Requests a count of how many Steam users are currently playing/using an app.
### serverQuery(conditions, callback)
- `conditions` - A [filter string](https://developer.valvesoftware.com/wiki/Master_Server_Query_Protocol#Filter) or an object containing one or more of the following properties:
- `app_id` - The AppID of the game for which you want servers
- `geo_location_ip` - The IP address of the querying client, used for geolocation (in `x.x.x.x` format)
- `region_code` - The [region code](https://developer.valvesoftware.com/wiki/Master_Server_Query_Protocol#Region_codes) where you want servers
- `filter_text` - A [filter string](https://developer.valvesoftware.com/wiki/Master_Server_Query_Protocol#Filter)
- `max_servers` - Maximum number of servers to return in this response (default and hard limit 5000)
- `callback` - Called when the response is available
- `err` - If an error occurred, this is an `Error` object. Otherwise, it's `null`.
- `servers` - An array of objects containing server data
- `ip` - The server's IP in `x.x.x.x` format
- `port` - The server's game port
- `players` - How many authenticated players are on this server (the Steam server browser will use this value if the gameserver itself reports more players and doesn't report itself as full, to prevent inflated player counts)
Requests a list of game servers from the master server.
### getServerList(filter, limit, callback)
- `filter` - A master server [filter string](https://developer.valvesoftware.com/wiki/Master_Server_Query_Protocol#Filter)
- `limit` - How many servers should be returned, at maximum. Hard limit is 20,000.
- `callback` - Called when the requested data is available
- `err` - An `Error` object on failure, or `null` on success
- `servers` - An array of objects containing server data
- `addr` - The server's IP address in `x.x.x.x:p` format
- `gameport` - The port the server is running on for game clients
- `specport` - The port the server is running on for spectator clients (`null` for none)
- `steamid` - A [`SteamID`](https://www.npmjs.com/package/steamid) object containing the server's SteamID
- `name` - The server's hostname
- `appid` - The AppID of the game which the server is serving
- `gamedir` - The directory of the game which the server is serving
- `version` - The version of the game which the server is serving
- `product` - The product name of the game which the server is serving
- `region` - The [region code](https://developer.valvesoftware.com/wiki/Master_Server_Query_Protocol#Region_codes) for where the server is located
- `players` - How many people are currently on this server
- `max_players` - How many people can be on the server at once
- `bots` - How many CPU players are currently on this server
- `map` - The name of the map which the server is currently running
- `secure` - `true` if the server is VAC-secure, `false` if not
- `dedicated` - `true` if the server is dedicated, `false` if listen
- `os` - `w` if the server is running on Windows, `l` for Linux
- `gametype` - The server's tags, separated by commas
**Works when anonymous.** Requests a list gameservers from Steam matching a given filter, along with information about the server as Steam knows it.
### getServerSteamIDsByIP(ips, callback)
- `ips` - An array of IP addresses, in `x.x.x.x:p` format
- `callback` - Called when requested data is available
- `err` - An `Error` object on failure, or `null` on success
- `servers` - An object whose keys are IP addresses in `x.x.x.x:p` format and values are [`SteamID`](https://www.npmjs.com/package/steamid) objects
**Works when anonymous.** Gets current SteamIDs for servers running on given addresses.
### getServerIPsBySteamID(steamids, callback)
- `steamids` - An array of [`SteamID`](https://www.npmjs.com/package/steamid) objects, or something which can parse into one (64-bit SteamID as string, Steam3 rendered format)
- `callback` - Called when requested data is available
- `err` - An `Error` object on failure, or `null` on success
- `servers` - An object whose keys are 64-bit numeric SteamIDs and values are IP addresses in `x.x.x.x:p` format
**Works when anonymous.** Gets current IP addresses for servers with given SteamIDs.
### getProductChanges(sinceChangenumber, callback)
- `sinceChangenumber` - The changenumber of the last known changelist. You will get changes which have occurred since then and now. You won't get any info except the current changenumber if you request more than around 5,000 changenumbers in the past.
- `callback` - Called when data is available
- `err` - An `Error` object on failure, or `null` on success
- `currentChangenumber` - The changenumber of the newest changelist
- `appChanges` - An array of objects for apps which have changed. Each object has these properties:
- `appid` - The AppID of the app
- `change_number` - The changenumber of the latest changelist in which the app has changed
- `needs_token` - `true` if you need an access token to get most details about this app, `null` if not
- `packageChanges` - An array of objects for packages which have changed. Each object has the same properties as the `apps` array, except `appid` is `packageid`.
**Works when anonymous.** Requests a list of all apps/packages which have changed since a given changenumber.
### getProductInfo(apps, packages[, inclTokens], callback)
- `apps` - Either an array of AppIDs, or an array of objects containing `appid` and `access_token` properties
- `packages` - Either an array of PackageIDs, or an array of objects containing `packageid` and `access_token` properties
- `inclTokens` - Optional boolean to automatically request product access tokens if they need them. The default value is false.
- `callback` - Called when requested data is available
- `err` - An `Error` object on failure, or `null` on success
- `apps` - An object whose keys are AppIDs and whose values are objects
- `changenumber` - The changenumber of the latest changelist in which this app changed
- `missingToken` - `true` if you need to provide an access token to get more details about this app
- `appinfo` - An object whose structure is identical to the output of `app_info_print` in the [Steam console](steam://nav/console)
- `packages` - An object whose keys are PackageIDs and whose values are objects. Each object has the same properties as the `apps` array, except `appinfo` is `packageinfo`.
- `unknownApps` - An array of input AppIDs which don't exist
- `unknownPackages` - An array of input PackageIDs which don't exist
**Works when anonymous.** Requests details about one or more apps or packages.
If you have the PICS cache enabled and the risk of getting stale data is acceptable, you could check
[the PICS cache](#picscache) if you want instead of calling `getProductInfo`.
### getProductAccessToken(apps, packages, callback)
- `apps` - An array of AppIDs
- `packages` - An array of PackageIDs
- `callback` - Called when requested data is available
- `err` - An `Error` object on failure, or `null` on success
- `appTokens` - An object whose keys are AppIDs and whose values are access tokens
- `packageTokens` - An object whose keys are PackageIDs and whose values are access tokens
- `appDeniedTokens` - An array of AppIDs for which Steam denied you an access token
- `packageDeniedTokens` - An array of PackageIDs for which Steam denied you an access token
**Works when anonymous.** Requests access tokens for one or more apps or packages. These access tokens can be used with [`getProductInfo`](#productinfoapps-packages-callback).
Access tokens are global. That is, everyone who has access to an app receives the same token. Tokens do not seem to expire.
### getOwnedApps([filter])
- `filter` - A filter object or function (see [`ownershipFilter`](#ownershipfilter))
**v3.3.0 or later is required to use this method**
**v4.7.0 or later is required to use `excludeSharedLicenses`**
**v4.22.0 or later is required to use `filter`**
Returns an array of AppIDs which your account owns. This cannot be safely called until `ownershipCached` is emitted.
`enablePicsCache` must be `true` to use this method. Otherwise, an `Error` will be thrown.
If `filter` is a boolean, it is interpreted as `excludeShared` for backward compatibility. For example,
`getOwnedApps(true)` is the same as `getOwnedApps({excludeShared: true})`.
This usage is deprecated and will be removed in a future release.
The output of this function will contain all AppIDs that are present in at least one license that was not filtered out.
For example, if you previously activated a free on demand package for Spacewar but later activated a retail CD key for
the same, it will be included if you pass `{excludeFree: true}` as your filter since you own it both via a free package
and via a paid package.
### ownsApp(appid[, filter])
- `appid` - A numeric AppID
- `filter` - A filter object or function (see [`ownershipFilter`](#ownershipfilter))
**v3.3.0 or later is required to use this method**
**v4.7.0 or later is required to use `excludeSharedLicenses`**
**v4.22.0 or later is required to use `filter`**
Returns `true` if your account owns the specified AppID, or `false` if not. This cannot be safely called until
`ownershipCached` is emitted.
`enablePicsCache` must be `true` to use this method. Otherwise, an `Error` will be thrown.
If `filter` is a boolean, it is interpreted as `excludeShared` for backward compatibility. For example,
`ownsApp(730, true)` is the same as `ownsApp(730, {excludeShared: true})`.
This usage is deprecated and will be removed in a future release.
The output of this function will be true if the provided AppID is present in at least one license that was not filtered out.
### getOwnedDepots([filter])
- `filter` - A filter object or function (see [`ownershipFilter`](#ownershipfilter))
**v3.3.0 or later is required to use this method**
**v4.7.0 or later is required to use `excludeSharedLicenses`**
**v4.22.0 or later is required to use `filter`**
Returns an array of depot IDs which your account owns. This cannot be safely called until `ownershipCached` is emitted.
`enablePicsCache` must be `true` to use this method. Otherwise, an `Error` will be thrown.
If `filter` is a boolean, it is interpreted as `excludeShared` for backward compatibility. For example,
`getOwnedDepots(true)` is the same as `getOwnedDepots({excludeShared: true})`.
This usage is deprecated and will be removed in a future release.
The output of this function will contain all depot IDs that are present in at least one license that was not filtered out.
### ownsDepot(depotid[, filter])
- `depotid` - A numeric depot ID
- `filter` - A filter object or function (see [`ownershipFilter`](#ownershipfilter))
**v3.3.0 or later is required to use this method**
**v4.7.0 or later is required to use `excludeSharedLicenses`**
**v4.22.0 or later is required to use `filter`**
Returns `true` if your account owns the specified depot, or `false` if not. This cannot be safely called until
`ownershipCached` is emitted.
`enablePicsCache` must be `true` to use this method. Otherwise, an `Error` will be thrown.