Authentication
Authenticated user connections are started with Connection::login.
Besides the normal username and password, you need to provide a store for the steam guard machine data and a confirmation handler.
Steam guard machine data store
After authentication, Steam provides the client with some machine-specific data that allows skipping (depending on various factors) the authentication step for the next login.
For steam-vent to make use of this data, the app needs to provide a way to
store it by implementing the GuardDataStore trait.
steam-vent bundles two implementations of the trait:
- NullGuardDataStore: doesn't store any guard data, effectively disabling the mechanism.
- FileGuardDataStore: stores the machine data as JSON in the provided path. Additionally comes with a helper (FileGuardDataStore::user_cache()) for using a file in the user's cache directory (exact location depends on the platform).
If none of these storage methods suits the specific use case, the app can provide its own implementation of the trait, for example to store the data in the application database.
Confirmation handler
When logging into Steam, a user needs to confirm the login through a second factor, usually either through the mobile app or by providing a TOTP token.
An app can implement this confirmation by providing one or more implementations
of the AuthConfirmationHandler trait.
steam-vent bundles the following implementations of the trait:
- DeviceConfirmationHandler: waits for the user to confirm the login through the mobile app.
- UserProvidedAuthConfirmationHandler: asks the user for the TOTP token by sending details about the requested token to the provided output and reading the token from the provided input.
- ConsoleAuthConfirmationHandler: a convenience wrapper around the UserProvidedAuthConfirmationHandler that uses stdin and stdout.
- SharedSecretAuthConfirmationHandler: generates the TOTP automatically from the provided shared secret, allowing for zero-interaction authentication.
Multiple authentication providers can be combined by using
AuthConfirmationHandler::or, where the first backend that
successfully completes the confirmation will be used. A common use case for apps
will be combining the DeviceConfirmationHandler and one of the TOTP providers
to allow users to confirm the login through either the app or TOTP.
Alternatively, apps can provide their own implementation of the trait to integrate whichever method of asking the user for the TOTP token they prefer.