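/*=========================================================================*//**
    Copyright (c) Microsoft Corporation.  All rights reserved.
*//*==========================================================================*/

// COM interface definitions for the Xbox Live identity provider (IDP) auth
// manager: account configuration, X token retrieval from XSTS with request
// signing, and the result object that carries the token, user properties and
// error details.
//
// NOTE(review): this file does not say who frees the [out] strings. The usual
// COM convention is callee-allocates / caller-frees with CoTaskMemFree -
// confirm against the implementation.

// winapifamily.h supplies the WINAPI_FAMILY_PARTITION macro that the generated
// header tests in the #if emitted below.
cpp_quote("#include <winapifamily.h>")

import "objidl.idl";

#pragma region Application Family
cpp_quote("#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP)")

interface IXblIdpAuthTokenResult;

// Outcome reported by IXblIdpAuthTokenResult::GetStatus. The status determines
// which of the other result properties are present.
//
// NOTE(review): the enum is not marked [v1_enum]. MIDL marshals unannotated
// enums as 16-bit values, so confirm that XBL_IDP_AUTH_TOKEN_STATUS_UNKNOWN
// (0xffffffff) survives wherever this type crosses a marshaling boundary.
typedef enum _XBL_IDP_AUTH_TOKEN_STATUS
{
    XBL_IDP_AUTH_TOKEN_STATUS_SUCCESS = 0,
    XBL_IDP_AUTH_TOKEN_STATUS_OFFLINE_SUCCESS,
    XBL_IDP_AUTH_TOKEN_STATUS_NO_ACCOUNT_SET,
    XBL_IDP_AUTH_TOKEN_STATUS_LOAD_MSA_ACCOUNT_FAILED,
    XBL_IDP_AUTH_TOKEN_STATUS_XBOX_VETO,
    XBL_IDP_AUTH_TOKEN_STATUS_MSA_INTERRUPT,
    XBL_IDP_AUTH_TOKEN_STATUS_OFFLINE_NO_CONSENT,
    XBL_IDP_AUTH_TOKEN_STATUS_VIEW_NOT_SET,
    XBL_IDP_AUTH_TOKEN_STATUS_UNKNOWN = 0xffffffff,
} XBL_IDP_AUTH_TOKEN_STATUS;

// Account configuration and user-bound token retrieval for the Xbox IDP.
[
    object,
    uuid(eb5ddb08-8bbf-449b-ac21-b02ddeb3b136),
    pointer_default(unique)
]
interface IXblIdpAuthManager : IUnknown
{
    // Called by Xbox IDP to set the MSA account and XUID for the NT USER.
    // Both parameters are [unique], so NULL is accepted by the marshaler.
    // NOTE(review): what NULL means here (for example, clearing the account)
    // is not stated in this file - confirm.
    HRESULT SetGamerAccount(
        [in, string, unique] LPCWSTR msaAccountId,
        [in, string, unique] LPCWSTR xuid
    );

    // Called by Xbox IDP to get the MSA account for the NT USER. Returns AM_E_NO_GAMER_ACCOUNT if
    // an account was not previously set.
    HRESULT GetGamerAccount(
        [out, string] LPWSTR* msaAccountId,
        [out, string] LPWSTR* xuid
    );

    // Called by the Xbox IDP to declare that a view has been initialized for the specified app
    HRESULT SetAppViewInitialized(
        // app ID
        [in, string] LPCWSTR appSid,

        // the real or pairwise MSA account ID, as it will be seen by the specified app
        [in, string] LPCWSTR msaAccountId
    );

    // Called by the Xbox IDP to look up the configured environment
    HRESULT GetEnvironment(
        [out, string] LPWSTR* environment
    );

    // Called by the Xbox IDP to look up the configured sandbox
    HRESULT GetSandbox(
        [out, string] LPWSTR* sandbox
    );

    // Retrieve an X Token from XSTS for the specified account / caller and generate a signature. The target and
    // signing policy are determined based on the URI.
    //
    // NOTE(review): httpMethod, uri, headers and body describe the request the token will accompany, and the
    // URI path is used for signature generation. Presumably the signature only validates if the request
    // actually sent matches these inputs - confirm.
    HRESULT GetTokenAndSignatureWithTokenResult(
        // MSA account ID to use instead of the default gamer account. This allows the IDP to get tokens while
        // configuring the gamer account.
        [in, string, unique] LPCWSTR msaAccountId,

        // app SID to use instead of the calling app. When provided, the caller must be trusted.
        // NOTE(review): unlike msaAccountId and headers, this parameter is not marked [unique] even though
        // the comment describes it as optional. Confirm how a caller omits it, and that the trust check is
        // enforced by the implementation rather than assumed from the caller.
        [in, string] LPCWSTR appSid,

        // the MSA target used when requesting the RPS ticket that the returned X token is based on. For first
        // party apps, this will be "user.auth.xboxlive.com". For third party apps, this will be a list of
        // offers like "xboxlive.signin"
        [in, string] LPCWSTR msaTarget,

        // the MSA policy used when requesting the RPS ticket that the returned X token is based on. For first
        // party apps, this will be "MBI_SSL". For third party apps, this will be "DELEGATION".
        [in, string] LPCWSTR msaPolicy,

        // HTTP method that will be used for this request
        [in, string] LPCWSTR httpMethod,

        // URI the X token will be used against. This URI is used to look up token information and the path portion
        // is used for signature generation.
        [in, string] LPCWSTR uri,

        // headers as a single string with CR/LF separating them, consistent with e.g. WinHttpAddRequestHeaders
        [in, string, unique] LPCWSTR headers,

        // optional body; bodySize is the number of bytes marshaled from body (size_is)
        [in, unique, size_is(bodySize)] BYTE* body,
        [in] DWORD bodySize,

        // if TRUE, ignore any cached token and force a new one to be retrieved from XSTS
        [in] BOOL forceRefresh,

        // Complete result object. Except in exceptional cases, this method will succeed with error details
        // embedded in the result object, so callers must inspect the result's status and error code rather
        // than rely on the returned HRESULT alone.
        [out] IXblIdpAuthTokenResult** result
    );
};

// Token retrieval that is not bound to a user.
[
    object,
    uuid(bf8c0950-8389-43dd-9a76-a19728ec5dc5),
    pointer_default(unique)
]
interface IXblIdpAuthManager2 : IUnknown
{
    // Retrieve an X Token from XSTS and generate a signature. The XBL target and signing policy are determined based on the
    // URI. Since there is no user for this token, the MSA target/policy/app must not require consent.
    HRESULT GetUserlessTokenAndSignatureWithTokenResult(
        // app SID to use instead of the calling app. When provided, the caller must be trusted.
        // NOTE(review): not marked [unique] although described as optional - confirm how a caller omits it.
        [in, string] LPCWSTR appSid,

        // the MSA target used when requesting the RPS ticket that the returned X token is based on. For first
        // party apps, this will be "user.auth.xboxlive.com". For third party apps, this will be a list of
        // offers like "xboxlive.signin"
        [in, string] LPCWSTR msaTarget,

        // the MSA policy used when requesting the RPS ticket that the returned X token is based on. For first
        // party apps, this will be "MBI_SSL". For third party apps, this will be "DELEGATION".
        [in, string] LPCWSTR msaPolicy,

        // HTTP method that will be used for this request
        [in, string] LPCWSTR httpMethod,

        // URI the X token will be used against. This URI is used to look up token information and the path portion
        // is used for signature generation.
        [in, string] LPCWSTR uri,

        // headers as a single string with CR/LF separating them, consistent with e.g. WinHttpAddRequestHeaders
        [in, string, unique] LPCWSTR headers,

        // optional body; bodySize is the number of bytes marshaled from body (size_is)
        [in, unique, size_is(bodySize)] BYTE* body,
        [in] DWORD bodySize,

        // if TRUE, ignore any cached token and force a new one to be retrieved from XSTS
        [in] BOOL forceRefresh,

        // Complete result object. Except in exceptional cases, this method will succeed with error details
        // embedded in the result object, so callers must inspect the result's status and error code rather
        // than rely on the returned HRESULT alone.
        [out] IXblIdpAuthTokenResult** result
    );
};

// Result of a token request: status, error code, token and signature, user
// properties, MSA interrupt data and Xbox veto data.
[
    object,
    uuid (46ce0225-f267-4d68-b299-b2762552dec1),
    pointer_default(unique)
]
interface IXblIdpAuthTokenResult : IUnknown
{
    // Status. The value of this property determines which of the following properties are present.
    HRESULT GetStatus([out] XBL_IDP_AUTH_TOKEN_STATUS *status);

    // Traditional HRESULT. This could be an XBL veto, MSA error/success, or AuthManager error.
    // Other errors (e.g. E_OUTOFMEMORY) will be returned from the API directly, and an instance
    // of this interface will not be provided.
    HRESULT GetErrorCode([out] HRESULT *errorCode);

    //
    // Token properties
    //

    // X token. caller must add "Authorization: " to header list.
    // The token is the credential presented in that header, so treat the returned string as a
    // secret and keep it out of logs and traces.
    // NOTE(review): the header value is presumably this token; the comment shows only the header
    // name - confirm the exact format.
    HRESULT GetToken([out, retval, string] LPWSTR *token);

    // Signature or empty string. If not empty, caller must add "Signature: " to header list.
    HRESULT GetSignature([out, retval, string] LPWSTR *signature);

    // Sandbox. Only supplied when a token is retrieved or an Xbox veto occurs.
    HRESULT GetSandbox([out, retval, string] LPWSTR *sandbox);

    // Environment. Only supplied when a token is retrieved or an Xbox veto occurs.
    HRESULT GetEnvironment([out, retval, string] LPWSTR *environment);

    //
    // User properties
    //

    // The MSA AccountId used to make the request. When a device or title veto occurs, this property
    // will be empty.
    HRESULT GetMsaAccountId([out, retval, string] LPWSTR *msaAccountId);

    // Xuid. Only supplied with a successful result.
    HRESULT GetXuid([out, retval, string] LPWSTR *xuid);

    // Gamertag. Only supplied with a successful result.
    HRESULT GetGamertag([out, retval, string] LPWSTR *gamertag);

    // Age group. Only supplied with a successful result.
    HRESULT GetAgeGroup([out, retval, string] LPWSTR *ageGroup);

    // String list of integer privileges separated by commas. Empty if the token was not retrieved.
    HRESULT GetPrivileges([out, retval, string] LPWSTR *privileges);

    //
    // MSA interrupt-related data. These properties are used by the Xbox IDP to make a request to
    // the MSA IDP for the ticket XblAuthManager requires.
    //
    HRESULT GetMsaTarget([out, retval, string] LPWSTR *msaTarget);
    HRESULT GetMsaPolicy([out, retval, string] LPWSTR *msaPolicy);
    HRESULT GetMsaAppId([out, retval, string] LPWSTR *msaAppId);

    //
    // Xbox veto related data. These may or may not be returned by the server.
    // These strings come from the server, so validate them before navigating to a
    // redirect or rendering a message.
    //
    HRESULT GetRedirect([out, retval, string] LPWSTR *redirect);
    HRESULT GetMessage([out, retval, string] LPWSTR *message);
    HRESULT GetHelpId([out, retval, string] LPWSTR *helpId);

    // Display Claim data. These may or may not be returned depending upon the relying party.
    // All are formatted the same as privileges
    HRESULT GetEnforcementBans([out, retval, string] LPWSTR* enforcementBans);
    HRESULT GetRestrictions([out, retval, string] LPWSTR* restrictions);
    HRESULT GetTitleRestrictions([out, retval, string] LPWSTR* titleRestrictions);
};

// Additional gamertag properties for a token result.
[
    object,
    uuid (75d760b0-60b9-412d-994f-26b2cd5f7812),
    pointer_default(unique)
]
interface IXblIdpAuthTokenResult2 : IUnknown
{
    // Modern Gamertag. Only supplied with a successful result.
    HRESULT GetModernGamertag([out, retval, string] LPWSTR *value);

    // Modern Gamertag Suffix. Only supplied with a successful result.
    HRESULT GetModernGamertagSuffix([out, retval, string] LPWSTR *value);

    // Unique Modern Gamertag. Only supplied with a successful result.
    HRESULT GetUniqueModernGamertag([out, retval, string] LPWSTR *value);
};

// C++ forward declaration so the coclass CLSID is attached to the class name.
cpp_quote("#ifdef __cplusplus")
cpp_quote("")
cpp_quote("class DECLSPEC_UUID(\"ce23534b-56d8-4978-86a2-7ee570640468\")")
cpp_quote("XblIdpAuthManager;")
cpp_quote("#endif")

// Auth manager coclass; IXblIdpAuthManager is the default interface.
[
    uuid(ce23534b-56d8-4978-86a2-7ee570640468)
]
coclass XblIdpAuthManager
{
    [default] interface IXblIdpAuthManager;
    interface IXblIdpAuthManager2;
}

// C++ forward declaration so the coclass CLSID is attached to the class name.
cpp_quote("#ifdef __cplusplus")
cpp_quote("")
cpp_quote("class DECLSPEC_UUID(\"9f493441-744a-410c-ae2b-9a22f7c7731f\")")
cpp_quote("XblIdpAuthTokenResult;")
cpp_quote("#endif")

// Token result coclass; IXblIdpAuthTokenResult is the default interface.
[
    uuid(9f493441-744a-410c-ae2b-9a22f7c7731f)
]
coclass XblIdpAuthTokenResult
{
    [default] interface IXblIdpAuthTokenResult;
    interface IXblIdpAuthTokenResult2;
}

cpp_quote("#endif /* WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) */")
#pragma endregion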