From cdeee17c2be5b8b9a333b977b3e2d373b94dfe0a Mon Sep 17 00:00:00 2001
From: bigfoot547 <bigfoot@figboot.dev>
Date: Fri, 31 Jan 2025 02:32:19 -0600
Subject: do clippy stuff and change line endings

---
 src/auth.rs | 671 ++++++++++++++++++++++++++++++------------------------------
 1 file changed, 335 insertions(+), 336 deletions(-)

(limited to 'src/auth.rs')

diff --git a/src/auth.rs b/src/auth.rs
index 1eb65ed..7336e64 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -1,336 +1,335 @@
-mod types;
-mod msa;
-mod mcservices;
-
-use std::error::Error;
-use std::fmt::{Display, Formatter};
-use std::future::Future;
-use std::time::{Duration, SystemTime};
-use chrono::{DateTime, TimeDelta, Utc};
-use log::debug;
-use oauth2::{AccessToken, DeviceAuthorizationUrl, DeviceCodeErrorResponse, EmptyExtraDeviceAuthorizationFields, EndpointNotSet, EndpointSet, HttpClientError, RefreshToken, RequestTokenError, Scope, StandardDeviceAuthorizationResponse, StandardRevocableToken, StandardTokenResponse, TokenResponse, TokenUrl};
-use oauth2::basic::{BasicErrorResponse, BasicErrorResponseType, BasicRevocationErrorResponse, BasicTokenIntrospectionResponse, BasicTokenResponse};
-use reqwest::{IntoUrl, Method, RequestBuilder};
-pub use types::*;
-use crate::auth::msa::{XSTS_RP_MINECRAFT_SERVICES, XSTS_RP_XBOX_LIVE};
-use crate::util::USER_AGENT;
-
-#[derive(Debug)]
-pub enum AuthError {
-    // An unexpected error happened while performing a request
-    Request { what: &'static str, error: reqwest::Error },
-    OAuthRequestToken { what: &'static str, error: RequestTokenError<HttpClientError<reqwest::Error>, BasicErrorResponse> },
-    OAuthRequestDeviceCode { what: &'static str, error: RequestTokenError<HttpClientError<reqwest::Error>, DeviceCodeErrorResponse> },
-
-    // Some internal auth error (unrecoverable)
-    Internal(String),
-
-    // Device code auth was cancelled
-    Cancel(Option<Box<dyn Error>>),
-
-    // Device code auth timed out
-    Timeout,
-
-    // Requires interactive authentication
-    RequireInteractive(&'static str),
-
-    // XSTS error
-    AuthXError { what: &'static str, x_error: u64, message: Option<String> },
-
-    // You don't own the game!
-    EntitlementError
-}
-
-impl Display for AuthError {
-    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
-        match self {
-            AuthError::Request { what, error } => write!(f, "auth request error ({}): {}", what, error),
-            AuthError::OAuthRequestToken { what, error } => write!(f, "oauth error requesting token ({what}): {error}"),
-            AuthError::OAuthRequestDeviceCode { what, error } => write!(f, "oauth error with device code ({what}): {error}"),
-            AuthError::Internal(msg) => write!(f, "internal auth error: {}", msg),
-            AuthError::Cancel(Some(error)) => write!(f, "operation cancelled: {error}"),
-            AuthError::Cancel(None) => f.write_str("operation cancelled"),
-            AuthError::Timeout => f.write_str("interactive authentication timed out"),
-            AuthError::RequireInteractive(why) => write!(f, "user must log in interactively: {why}"),
-            AuthError::AuthXError { what, x_error, message } => write!(f, "XSTS error: {what} ({x_error} -> {})", message.as_ref().map_or("<no message>", |s| s.as_str())),
-            AuthError::EntitlementError => f.write_str("no minecraft entitlement (do you own the game?)")
-        }
-    }
-}
-
-impl Error for AuthError {
-    fn source(&self) -> Option<&(dyn Error + 'static)> {
-        match self {
-            AuthError::Request { error, .. } => Some(error),
-            AuthError::OAuthRequestToken { error, .. } => Some(error),
-            AuthError::OAuthRequestDeviceCode { error, .. } => Some(error),
-            AuthError::Cancel(Some(error)) => Some(error.as_ref()),
-            _ => None
-        }
-    }
-}
-
-impl Token {
-    fn is_expired(&self, now: DateTime<Utc>) -> bool {
-        self.expire.is_some_and(|exp| now >= exp)
-    }
-}
-
-macro_rules! create_oauth_client {
-    ($is_azure_client_id:expr, $client_id:expr) => {
-        oauth2::Client::new($client_id)
-            .set_token_uri(TokenUrl::new(if $is_azure_client_id { AZURE_TOKEN_URL.into() } else { NON_AZURE_TOKEN_URL.into() }).expect("hardcoded url"))
-            .set_device_authorization_url(DeviceAuthorizationUrl::new(if $is_azure_client_id { AZURE_DEVICE_CODE_URL.into() } else { NON_AZURE_DEVICE_CODE_URL.into() }).expect("hardcoded url"))
-        as oauth2::Client<BasicErrorResponse, BasicTokenResponse, BasicTokenIntrospectionResponse, StandardRevocableToken, BasicRevocationErrorResponse,
-                          EndpointNotSet, EndpointSet, EndpointNotSet, EndpointNotSet, EndpointSet>
-    }
-}
-
-const AZURE_TOKEN_URL: &str = "https://login.microsoftonline.com/consumers/oauth2/v2.0/token";
-const AZURE_DEVICE_CODE_URL: &str = "https://login.microsoftonline.com/consumers/oauth2/v2.0/token";
-const NON_AZURE_TOKEN_URL: &str = "https://login.live.com/oauth20_token.srf";
-const NON_AZURE_DEVICE_CODE_URL: &str = "https://login.live.com/oauth20_connect.srf";
-
-const AZURE_LOGIN_SCOPES: &[&str] = ["XboxLive.signin", "offline_access"].as_slice();
-const NON_AZURE_LOGIN_SCOPES: &[&str] = ["service::user.auth.xboxlive.com::MBI_SSL"].as_slice();
-
-fn build_json_request(client: &reqwest::Client, url: impl IntoUrl, method: Method) -> RequestBuilder {
-    client.request(method, url)
-        .header(reqwest::header::USER_AGENT, USER_AGENT)
-        .header(reqwest::header::ACCEPT, "application/json")
-}
-
-impl MsaUser {
-    pub fn create_client() -> reqwest::Client {
-        reqwest::ClientBuilder::new()
-            .redirect(reqwest::redirect::Policy::none())
-            .build().expect("building client should succeed")
-    }
-
-    fn scopes_iter(&self) -> impl Iterator<Item = Scope> {
-        let to_scope = |f: &&str| Scope::new(String::from(*f));
-
-        if self.is_azure_client_id {
-            AZURE_LOGIN_SCOPES.iter().map(to_scope)
-        } else {
-            NON_AZURE_LOGIN_SCOPES.iter().map(to_scope)
-        }
-    }
-
-    // uses an access token from, for example, a device code grant logs into xbox live
-    async fn xbl_login(&mut self, client: &reqwest::Client, token: &AccessToken) -> Result<(), AuthError> {
-        debug!("Logging into xbox live using access token");
-        self.xbl_token = Some(msa::xbox_live_login(client, token, self.is_azure_client_id).await?);
-
-        Ok(())
-    }
-
-    // logs into xbox live using a refresh token
-    // (panics if no refresh token present)
-    async fn xbl_login_refresh(&mut self, client: &reqwest::Client) -> Result<(), AuthError> {
-        debug!("Using refresh token for XBL login");
-        let oauth_client = create_oauth_client!(self.is_azure_client_id, self.client_id.clone());
-        let refresh_token = self.refresh_token.as_ref().expect("refresh_access_token called with no refresh token");
-
-        let tokenres: BasicTokenResponse = oauth_client
-            .exchange_refresh_token(refresh_token)
-            .add_scopes(self.scopes_iter())
-            .add_extra_param("response_type", "device_code")
-            .request_async(client)
-            .await.map_err(|e| AuthError::OAuthRequestToken { what: "refresh", error: e })?;
-
-        self.refresh_token = tokenres.refresh_token().cloned();
-
-        self.xbl_login(client, tokenres.access_token()).await
-    }
-
-    async fn xbl_login_device<D, DF>(&mut self, client: &reqwest::Client, handle_device: D) -> Result<(), AuthError>
-    where
-        D: FnOnce(StandardDeviceAuthorizationResponse) -> DF,
-        DF: Future<Output = ()>
-    {
-        debug!("Using device authorization for XBL login");
-        let oauth_client = create_oauth_client!(self.is_azure_client_id, self.client_id.clone());
-        let device_auth: StandardDeviceAuthorizationResponse = oauth_client.exchange_device_code()
-            .add_scopes(self.scopes_iter())
-            .add_extra_param("response_type", "device_code")
-            .request_async(client)
-            .await.map_err(|e| AuthError::OAuthRequestToken { what: "device code", error: e })?;
-
-        handle_device(device_auth.clone()).await;
-
-        let tokenres = oauth_client.exchange_device_access_token(&device_auth)
-            .set_max_backoff_interval(Duration::from_secs(20u64))
-            .request_async(client, tokio::time::sleep, None)
-            .await.map_err(|e| AuthError::OAuthRequestDeviceCode { what: "device access code", error: e })?;
-
-        self.refresh_token = tokenres.refresh_token().cloned();
-
-        self.xbl_login(client, tokenres.access_token()).await
-    }
-
-    // ensure we have an xbox live token for this person
-    // tasks for this function:
-    //  - check if the XBL token is valid/not expired
-    //  - if it is expired, try to use refresh token to get a new one
-    //    - get rid of auth token if yeah
-    async fn ensure_xbl(&mut self, client: &reqwest::Client, now: DateTime<Utc>) -> Result<(), AuthError> {
-        if self.xbl_token.as_ref().is_some_and(|tok| !tok.is_expired(now)) {
-            debug!("XBL token valid. Using it.");
-            return Ok(())
-        }
-
-        if self.refresh_token.is_none() {
-            return Err(AuthError::RequireInteractive("no refresh token"));
-        }
-
-        debug!("XBL token expired. Trying to refresh it.");
-        self.xbl_login_refresh(client).await
-            .map_err(|e| match &e {
-                AuthError::OAuthRequestToken { error, .. } => match error {
-                    RequestTokenError::ServerResponse(res) => match res.error() {
-                        BasicErrorResponseType::Extension(s) if s == "interaction_required" || s == "consent_required" => {
-                            AuthError::RequireInteractive("msa requested interactive logon")
-                        },
-                        _ => e
-                    },
-                    _ => e
-                },
-                _ => e
-            })?;
-
-        self.mc_token = None;
-
-        Ok(())
-    }
-
-    // function's tasks:
-    // - if the minecraft services token invalid/expired/missing, do the following
-    //   - get minecraftservices xsts token
-    //   - use minecraftservices to get mojang token with that xsts token
-    async fn ensure_mc_token(&mut self, client: &reqwest::Client, now: DateTime<Utc>) -> Result<(), AuthError> {
-        if self.mc_token.as_ref().is_some_and(|tok| !tok.is_expired(now)) {
-            debug!("Mojang token valid. Using it.");
-            return Ok(())
-        }
-
-        debug!("Mojang token has expired. Must log in again.");
-        let xbl_token = self.xbl_token.as_ref().expect("ensure_mc_token requires xbl token").value.as_str();
-        let (user_hash, mc_xsts_tok) = match msa::xsts_request(client, xbl_token, XSTS_RP_MINECRAFT_SERVICES).await? {
-            msa::XSTSAuthResponse::Success(res) => {
-                let user_hash = res.get_user_hash()
-                    .map_or(Err(AuthError::Internal("malformed response: no user hash".into())), |h| Ok(h.to_owned()))?;
-                (user_hash, res.into_token())
-            },
-            msa::XSTSAuthResponse::Error(e) => return Err(e.into())
-        };
-
-        debug!("Got MinecraftServices XSTS, logging in.");
-        self.mc_token = Some(mcservices::login_with_xbox(client, mc_xsts_tok.as_str(), user_hash.as_str()).await?);
-
-        Ok(())
-    }
-
-    async fn load_xbox_info(&mut self, client: &reqwest::Client) -> Result<(), AuthError> {
-        debug!("Loading Xbox info...");
-        let xbl_token = self.xbl_token.as_ref().expect("xbl token missing").value.as_str();
-
-        let res = match msa::xsts_request(client, xbl_token, XSTS_RP_XBOX_LIVE).await? {
-            msa::XSTSAuthResponse::Success(res) => res,
-            msa::XSTSAuthResponse::Error(e) => return Err(e.into())
-        };
-
-        let Some(xuid) = res.get_xuid() else {
-            return Err(AuthError::Internal("missing xuid for user".into()));
-        };
-
-        self.xuid = Some(xuid);
-        self.gamertag = res.get_gamertag().map(|s| s.to_owned());
-
-        debug!("Xbox info loaded: (xuid {xuid}, gamertag {})", res.get_gamertag().unwrap_or("<none>"));
-
-        Ok(())
-    }
-
-    async fn load_profile(&mut self, client: &reqwest::Client) -> Result<(), AuthError> {
-        self.load_xbox_info(client).await?;
-
-        let mc_token = self.mc_token.as_ref().expect("minecraft token missing").value.as_str();
-
-        if !mcservices::owns_the_game(client, mc_token).await? {
-            return Err(AuthError::EntitlementError);
-        }
-
-        let player_info = mcservices::get_player_info(client, mc_token).await?;
-        let player_profile = mcservices::get_player_profile(client, player_info.id).await
-            .map_err(|e| AuthError::Request { what: "looking up profile", error: e })?;
-
-        self.player_info = Some(player_info);
-        self.player_profile = Some(player_profile);
-
-        Ok(())
-    }
-
-    async fn log_in_silent(&mut self, client: &reqwest::Client) -> Result<(), AuthError> {
-        let now: DateTime<Utc> = DateTime::from(SystemTime::now()) + TimeDelta::hours(12);
-
-        self.ensure_xbl(client, now).await?;
-        self.ensure_mc_token(client, now).await?;
-        self.load_profile(client).await?;
-
-        Ok(())
-    }
-}
-
-#[cfg(test)]
-mod test {
-    use super::*;
-
-    #[tokio::test]
-    async fn abc() {
-        simple_logger::SimpleLogger::new().with_colors(true).with_level(log::LevelFilter::Trace).init().unwrap();
-
-        let mut user = match tokio::fs::read_to_string("test_stuff/test.json").await {
-            Ok(s) => serde_json::from_str::<MsaUser>(&s).unwrap(),
-            Err(e) if e.kind() == tokio::io::ErrorKind::NotFound => {
-                MsaUser {
-                    player_profile: None,
-                    xuid: None,
-                    gamertag: None,
-                    player_info: None,
-                    client_id: ClientId::new("00000000402b5328".into()),
-                    is_azure_client_id: false,
-                    mc_token: None,
-                    xbl_token: None,
-                    refresh_token: None
-                }
-            },
-            Err(e) => panic!("i/o error: {}", e)
-        };
-
-        let client = MsaUser::create_client();
-
-        loop {
-            match user.log_in_silent(&client).await {
-                Ok(_) => break,
-                Err(AuthError::RequireInteractive(s)) => {
-                    debug!("Requires interactive auth: {s}")
-                },
-                Err(e) => {
-                    panic!("{}", e);
-                }
-            }
-
-            user.xbl_login_device(&client, |d| async move {
-                let d = dbg!(d);
-                debug!("User code: {}", d.user_code().secret());
-                ()
-            }).await.unwrap()
-        }
-
-        debug!("User: {user:?}");
-
-        let user_str = serde_json::to_string_pretty(&user).unwrap();
-        tokio::fs::write("test_stuff/test.json", user_str.as_str()).await.unwrap();
-    }
-}
+mod types;
+mod msa;
+mod mcservices;
+
+use std::error::Error;
+use std::fmt::{Display, Formatter};
+use std::future::Future;
+use std::time::{Duration, SystemTime};
+use chrono::{DateTime, TimeDelta, Utc};
+use log::debug;
+use oauth2::{AccessToken, DeviceAuthorizationUrl, DeviceCodeErrorResponse, EndpointNotSet, EndpointSet, HttpClientError, RequestTokenError, Scope, StandardDeviceAuthorizationResponse, StandardRevocableToken, TokenResponse, TokenUrl};
+use oauth2::basic::{BasicErrorResponse, BasicErrorResponseType, BasicRevocationErrorResponse, BasicTokenIntrospectionResponse, BasicTokenResponse};
+use reqwest::{IntoUrl, Method, RequestBuilder};
+pub use types::*;
+use crate::auth::msa::{XSTS_RP_MINECRAFT_SERVICES, XSTS_RP_XBOX_LIVE};
+use crate::util::USER_AGENT;
+
+#[derive(Debug)]
+pub enum AuthError {
+    // An unexpected error happened while performing a request
+    Request { what: &'static str, error: reqwest::Error },
+    OAuthRequestToken { what: &'static str, error: RequestTokenError<HttpClientError<reqwest::Error>, BasicErrorResponse> },
+    OAuthRequestDeviceCode { what: &'static str, error: RequestTokenError<HttpClientError<reqwest::Error>, DeviceCodeErrorResponse> },
+
+    // Some internal auth error (unrecoverable)
+    Internal(String),
+
+    // Device code auth was cancelled
+    Cancel(Option<Box<dyn Error>>),
+
+    // Device code auth timed out
+    Timeout,
+
+    // Requires interactive authentication
+    RequireInteractive(&'static str),
+
+    // XSTS error
+    AuthXError { what: &'static str, x_error: u64, message: Option<String> },
+
+    // You don't own the game!
+    EntitlementError
+}
+
+impl Display for AuthError {
+    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
+        match self {
+            AuthError::Request { what, error } => write!(f, "auth request error ({}): {}", what, error),
+            AuthError::OAuthRequestToken { what, error } => write!(f, "oauth error requesting token ({what}): {error}"),
+            AuthError::OAuthRequestDeviceCode { what, error } => write!(f, "oauth error with device code ({what}): {error}"),
+            AuthError::Internal(msg) => write!(f, "internal auth error: {}", msg),
+            AuthError::Cancel(Some(error)) => write!(f, "operation cancelled: {error}"),
+            AuthError::Cancel(None) => f.write_str("operation cancelled"),
+            AuthError::Timeout => f.write_str("interactive authentication timed out"),
+            AuthError::RequireInteractive(why) => write!(f, "user must log in interactively: {why}"),
+            AuthError::AuthXError { what, x_error, message } => write!(f, "XSTS error: {what} ({x_error} -> {})", message.as_ref().map_or("<no message>", |s| s.as_str())),
+            AuthError::EntitlementError => f.write_str("no minecraft entitlement (do you own the game?)")
+        }
+    }
+}
+
+impl Error for AuthError {
+    fn source(&self) -> Option<&(dyn Error + 'static)> {
+        match self {
+            AuthError::Request { error, .. } => Some(error),
+            AuthError::OAuthRequestToken { error, .. } => Some(error),
+            AuthError::OAuthRequestDeviceCode { error, .. } => Some(error),
+            AuthError::Cancel(Some(error)) => Some(error.as_ref()),
+            _ => None
+        }
+    }
+}
+
+impl Token {
+    fn is_expired(&self, now: DateTime<Utc>) -> bool {
+        self.expire.is_some_and(|exp| now >= exp)
+    }
+}
+
+macro_rules! create_oauth_client {
+    ($is_azure_client_id:expr, $client_id:expr) => {
+        oauth2::Client::new($client_id)
+            .set_token_uri(TokenUrl::new(if $is_azure_client_id { AZURE_TOKEN_URL.into() } else { NON_AZURE_TOKEN_URL.into() }).expect("hardcoded url"))
+            .set_device_authorization_url(DeviceAuthorizationUrl::new(if $is_azure_client_id { AZURE_DEVICE_CODE_URL.into() } else { NON_AZURE_DEVICE_CODE_URL.into() }).expect("hardcoded url"))
+        as oauth2::Client<BasicErrorResponse, BasicTokenResponse, BasicTokenIntrospectionResponse, StandardRevocableToken, BasicRevocationErrorResponse,
+                          EndpointNotSet, EndpointSet, EndpointNotSet, EndpointNotSet, EndpointSet>
+    }
+}
+
+const AZURE_TOKEN_URL: &str = "https://login.microsoftonline.com/consumers/oauth2/v2.0/token";
+const AZURE_DEVICE_CODE_URL: &str = "https://login.microsoftonline.com/consumers/oauth2/v2.0/token";
+const NON_AZURE_TOKEN_URL: &str = "https://login.live.com/oauth20_token.srf";
+const NON_AZURE_DEVICE_CODE_URL: &str = "https://login.live.com/oauth20_connect.srf";
+
+const AZURE_LOGIN_SCOPES: &[&str] = ["XboxLive.signin", "offline_access"].as_slice();
+const NON_AZURE_LOGIN_SCOPES: &[&str] = ["service::user.auth.xboxlive.com::MBI_SSL"].as_slice();
+
+fn build_json_request(client: &reqwest::Client, url: impl IntoUrl, method: Method) -> RequestBuilder {
+    client.request(method, url)
+        .header(reqwest::header::USER_AGENT, USER_AGENT)
+        .header(reqwest::header::ACCEPT, "application/json")
+}
+
+impl MsaUser {
+    pub fn create_client() -> reqwest::Client {
+        reqwest::ClientBuilder::new()
+            .redirect(reqwest::redirect::Policy::none())
+            .build().expect("building client should succeed")
+    }
+
+    fn scopes_iter(&self) -> impl Iterator<Item = Scope> {
+        let to_scope = |f: &&str| Scope::new(String::from(*f));
+
+        if self.is_azure_client_id {
+            AZURE_LOGIN_SCOPES.iter().map(to_scope)
+        } else {
+            NON_AZURE_LOGIN_SCOPES.iter().map(to_scope)
+        }
+    }
+
+    // uses an access token from, for example, a device code grant logs into xbox live
+    async fn xbl_login(&mut self, client: &reqwest::Client, token: &AccessToken) -> Result<(), AuthError> {
+        debug!("Logging into xbox live using access token");
+        self.xbl_token = Some(msa::xbox_live_login(client, token, self.is_azure_client_id).await?);
+
+        Ok(())
+    }
+
+    // logs into xbox live using a refresh token
+    // (panics if no refresh token present)
+    async fn xbl_login_refresh(&mut self, client: &reqwest::Client) -> Result<(), AuthError> {
+        debug!("Using refresh token for XBL login");
+        let oauth_client = create_oauth_client!(self.is_azure_client_id, self.client_id.clone());
+        let refresh_token = self.refresh_token.as_ref().expect("refresh_access_token called with no refresh token");
+
+        let tokenres: BasicTokenResponse = oauth_client
+            .exchange_refresh_token(refresh_token)
+            .add_scopes(self.scopes_iter())
+            .add_extra_param("response_type", "device_code")
+            .request_async(client)
+            .await.map_err(|e| AuthError::OAuthRequestToken { what: "refresh", error: e })?;
+
+        self.refresh_token = tokenres.refresh_token().cloned();
+
+        self.xbl_login(client, tokenres.access_token()).await
+    }
+
+    pub async fn xbl_login_device<D, DF>(&mut self, client: &reqwest::Client, handle_device: D) -> Result<(), AuthError>
+    where
+        D: FnOnce(StandardDeviceAuthorizationResponse) -> DF,
+        DF: Future<Output = ()>
+    {
+        debug!("Using device authorization for XBL login");
+        let oauth_client = create_oauth_client!(self.is_azure_client_id, self.client_id.clone());
+        let device_auth: StandardDeviceAuthorizationResponse = oauth_client.exchange_device_code()
+            .add_scopes(self.scopes_iter())
+            .add_extra_param("response_type", "device_code")
+            .request_async(client)
+            .await.map_err(|e| AuthError::OAuthRequestToken { what: "device code", error: e })?;
+
+        handle_device(device_auth.clone()).await;
+
+        let tokenres = oauth_client.exchange_device_access_token(&device_auth)
+            .set_max_backoff_interval(Duration::from_secs(20u64))
+            .request_async(client, tokio::time::sleep, None)
+            .await.map_err(|e| AuthError::OAuthRequestDeviceCode { what: "device access code", error: e })?;
+
+        self.refresh_token = tokenres.refresh_token().cloned();
+
+        self.xbl_login(client, tokenres.access_token()).await
+    }
+
+    // ensure we have an xbox live token for this person
+    // tasks for this function:
+    //  - check if the XBL token is valid/not expired
+    //  - if it is expired, try to use refresh token to get a new one
+    //    - get rid of auth token if yeah
+    async fn ensure_xbl(&mut self, client: &reqwest::Client, now: DateTime<Utc>) -> Result<(), AuthError> {
+        if self.xbl_token.as_ref().is_some_and(|tok| !tok.is_expired(now)) {
+            debug!("XBL token valid. Using it.");
+            return Ok(())
+        }
+
+        if self.refresh_token.is_none() {
+            return Err(AuthError::RequireInteractive("no refresh token"));
+        }
+
+        debug!("XBL token expired. Trying to refresh it.");
+        self.xbl_login_refresh(client).await
+            .map_err(|e| match &e {
+                AuthError::OAuthRequestToken { error: RequestTokenError::ServerResponse(res), .. } =>  match res.error() {
+                    BasicErrorResponseType::Extension(s) if s == "interaction_required" || s == "consent_required" => {
+                        AuthError::RequireInteractive("msa requested interactive logon")
+                    },
+                    _ => e
+                },
+                _ => e
+            })?;
+
+        self.mc_token = None;
+
+        Ok(())
+    }
+
+    // function's tasks:
+    // - if the minecraft services token invalid/expired/missing, do the following
+    //   - get minecraftservices xsts token
+    //   - use minecraftservices to get mojang token with that xsts token
+    async fn ensure_mc_token(&mut self, client: &reqwest::Client, now: DateTime<Utc>) -> Result<(), AuthError> {
+        if self.mc_token.as_ref().is_some_and(|tok| !tok.is_expired(now)) {
+            debug!("Mojang token valid. Using it.");
+            return Ok(())
+        }
+
+        debug!("Mojang token has expired. Must log in again.");
+        let xbl_token = self.xbl_token.as_ref().expect("ensure_mc_token requires xbl token").value.as_str();
+        let (user_hash, mc_xsts_tok) = match msa::xsts_request(client, xbl_token, XSTS_RP_MINECRAFT_SERVICES).await? {
+            msa::XSTSAuthResponse::Success(res) => {
+                let user_hash = res.get_user_hash()
+                    .map_or(Err(AuthError::Internal("malformed response: no user hash".into())), |h| Ok(h.to_owned()))?;
+                (user_hash, res.into_token())
+            },
+            msa::XSTSAuthResponse::Error(e) => return Err(e.into())
+        };
+
+        debug!("Got MinecraftServices XSTS, logging in.");
+        self.mc_token = Some(mcservices::login_with_xbox(client, mc_xsts_tok.as_str(), user_hash.as_str()).await?);
+
+        Ok(())
+    }
+
+    async fn load_xbox_info(&mut self, client: &reqwest::Client) -> Result<(), AuthError> {
+        debug!("Loading Xbox info...");
+        let xbl_token = self.xbl_token.as_ref().expect("xbl token missing").value.as_str();
+
+        let res = match msa::xsts_request(client, xbl_token, XSTS_RP_XBOX_LIVE).await? {
+            msa::XSTSAuthResponse::Success(res) => res,
+            msa::XSTSAuthResponse::Error(e) => return Err(e.into())
+        };
+
+        let Some(xuid) = res.get_xuid() else {
+            return Err(AuthError::Internal("missing xuid for user".into()));
+        };
+
+        self.xuid = Some(xuid);
+        self.gamertag = res.get_gamertag().map(|s| s.to_owned());
+
+        debug!("Xbox info loaded: (xuid {xuid}, gamertag {})", res.get_gamertag().unwrap_or("<none>"));
+
+        Ok(())
+    }
+
+    async fn load_profile(&mut self, client: &reqwest::Client) -> Result<(), AuthError> {
+        self.load_xbox_info(client).await?;
+
+        let mc_token = self.mc_token.as_ref().expect("minecraft token missing").value.as_str();
+
+        debug!("Checking if you own the game...");
+        if !mcservices::owns_the_game(client, mc_token).await? {
+            return Err(AuthError::EntitlementError);
+        }
+
+        debug!("Getting your profile info...");
+        let player_info = mcservices::get_player_info(client, mc_token).await?;
+        let player_profile = mcservices::get_player_profile(client, player_info.id).await
+            .map_err(|e| AuthError::Request { what: "looking up profile", error: e })?;
+
+        self.player_info = Some(player_info);
+        self.player_profile = Some(player_profile);
+
+        Ok(())
+    }
+
+    pub async fn log_in_silent(&mut self, client: &reqwest::Client) -> Result<(), AuthError> {
+        let now: DateTime<Utc> = DateTime::from(SystemTime::now()) + TimeDelta::hours(12);
+
+        self.ensure_xbl(client, now).await?;
+        self.ensure_mc_token(client, now).await?;
+        self.load_profile(client).await?;
+
+        Ok(())
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use oauth2::ClientId;
+    use super::*;
+
+    #[tokio::test]
+    async fn abc() {
+        simple_logger::SimpleLogger::new().with_colors(true).with_level(log::LevelFilter::Trace).init().unwrap();
+
+        let mut user = match tokio::fs::read_to_string("test_stuff/test.json").await {
+            Ok(s) => serde_json::from_str::<MsaUser>(&s).unwrap(),
+            Err(e) if e.kind() == tokio::io::ErrorKind::NotFound => {
+                MsaUser {
+                    player_profile: None,
+                    xuid: None,
+                    gamertag: None,
+                    player_info: None,
+                    client_id: ClientId::new("00000000402b5328".into()),
+                    is_azure_client_id: false,
+                    mc_token: None,
+                    xbl_token: None,
+                    refresh_token: None
+                }
+            },
+            Err(e) => panic!("i/o error: {}", e)
+        };
+
+        let client = MsaUser::create_client();
+
+        loop {
+            match user.log_in_silent(&client).await {
+                Ok(_) => break,
+                Err(AuthError::RequireInteractive(s)) => {
+                    debug!("Requires interactive auth: {s}")
+                },
+                Err(e) => {
+                    panic!("{}", e);
+                }
+            }
+
+            user.xbl_login_device(&client, |d| async move {
+                let d = dbg!(d);
+                debug!("User code: {}", d.user_code().secret());
+            }).await.unwrap()
+        }
+
+        debug!("User: {user:?}");
+
+        let user_str = serde_json::to_string_pretty(&user).unwrap();
+        tokio::fs::write("test_stuff/test.json", user_str.as_str()).await.unwrap();
+    }
+}
-- 
cgit v1.2.3-70-g09d2