authenticateXBL function

Future<XboxToken> authenticateXBL(String msAccessToken)

Authenticate with XBOX Live. This requires a previously acquired Microsoft Access Token. A Microsoft Access Token is acquired by following through the Microsoft Authentication Scheme. To be specific, this function requires the access_token from the login.live.com/oauth20_token.srf endpoint.

Implementation

Future<XboxToken> authenticateXBL(String msAccessToken) async {
  final headers = {
    'content-type': 'application/json',
    'accept': 'application/json',
  };

  final response = await requestBody(
      http.post,
      _xblAuth,
      'user/authenticate',
      {
        'Properties': {
          'AuthMethod': 'RPS',
          'SiteName': 'user.auth.xboxlive.com',
          'RpsTicket': 'd=$msAccessToken',
        },
        'RelyingParty': 'http://auth.xboxlive.com',
        'TokenType': 'JWT'
      },
      headers: headers);

  if (response.statusCode == 401) {
    throw AuthException('Microsoft token expired or is not correct');
  }

  final map = parseResponseMap(response);
  assert(map.containsKey('Token'));
  String xstsToken = map['Token'];
  String userHash =
      map['DisplayClaims']['xui'][0]['uhs']; // Check if this value is valid?
  return XboxToken(xstsToken, userHash);
}