https://login.live.com/oauth20_authorize.srf?client_id=00000000402b5328&response_type=token&scope=service::user.auth.xboxlive.com::MBI_SSL&redirect_uri=https%3A%2F%2Flogin.live.com%2Foauth20_desktop.srf
Visit the above URL in a browser and log in. You'll be redirected to a blank page. The new URL in the address bar contains a Microsoft Live access token for your account, which is required for Xbox Live authentication.
I've just been pasting them into this CyberChef recipe while testing to get the access_token part out quickly.
Note: In the above URL, 00000000402b5328 is the client ID for Minecraft: Java Edition.
Make this request:
POST https://user.auth.xboxlive.com/user/authenticate
{
"RelyingParty": "http://auth.xboxlive.com",
"TokenType": "JWT",
"Properties": {
"AuthMethod": "RPS",
"SiteName": "user.auth.xboxlive.com",
"RpsTicket": "<WINDOWS LIVE TOKEN>"
}
}
The response should look like this:
{
"IssueInstant": "...",
"NotAfter": "...",
"Token": "<XBL USER TOKEN>",
"DisplayClaims": {
"xui": [
{
"uhs": "<XBL USER ID HASH>"
}
]
}
}Make this request:
POST https://xsts.auth.xboxlive.com/xsts/authorize
{
"RelyingParty": "http://update.xboxlive.com",
"TokenType": "JWT",
"Properties": {
"UserTokens": ["<XBL USER TOKEN>"]
}
}
The response should look like this:
{
"IssueInstant": "...",
"NotAfter": "...",
"Token": "<XBL UPDATE TOKEN>",
"DisplayClaims": {
"xui": [
{
"uhs": "<XBL USER ID HASH>"
}
]
}
}Requests can now be made to packagespc.xboxlive.com and updatepc.xboxlive.com by including this header:
Authorization: XBL3.0 x=<XBL USER ID HASH>;<XBL UPDATE TOKEN>