I have a Java application which needs to be able to take a user-inputted gamertag for Minecraft-Bedrock Edition and convert it into the XUID of the of the given account so that I can store it off for whitelisting and reference purposes later.
I have been going through the Microsoft REST API docs looking for a method that will let me do this but the closest thing I have been able to find is this:
which still requires the XUID as input rather than providing it as the output.
Is there any way I can convert a given String input for a gamertag into the XUID of the associated account or null if no such account exists for a Java application?
I have written an illustrative proof-of-concept implementation in pure, self-contained
bash+curl+sed
.It is heavily
inspired byplagiarized/condensed from thexbox.webapi.authentication.manager
module from Team OpenXbox's Xbox-Webapi, which you should probably just use instead*. Theirs is such a good API, covering so much arcana that Microsoft… simply fails to document; that it would be worth strongly considering switching your project to Python just for this library, if it relies on Microsoft's Xbox Live API for its core functionality.In a nutshell, to hit this API, it appears that you must:
Register an Application in Azure
localhost:8080
on the system of the user who is going to authorize the application, or you otherwise have their co-operation (specifically: they're able to paste thecode
parameter into the program from a URL in their browser), you may skip this step, useclient_id=0000000048093EE3
, and completely omitclient_secret
. (In this case, you do not even need an Azure account.)Get any** Xbox Live user to provide the
Xboxlive.signin
andXboxlive.offline_access
scopes to your application via OAuth2Use this authorization and a Bearer token to get a so-called "User Token" from
https://user.auth.xboxlive.com/user/authenticate
Use that token to authenticate yourself to
https://xsts.auth.xboxlive.com/xsts/authorize
to get an "XToken"Use that token to authenticate yourself to
https://profile.xboxlive.com
for the actual endpoints you're interested in, such as/users/gt({gamertag})/profile/settings
(which contains, among other attributes, the XUID, as a decimal string, at property"id"
)(**Obviously, if you're hitting privileged endpoints, such those that view private information or modify user account settings, you'll have additional requirements on whose authorization you need and what scopes you'll have to request; but, for the general case of gamertag-to-XUID lookup, a mere sign-in from any user is fine.)
*For this, it'd be something like: