Implement moving of steam authenticator from another device

[Rudokhvist]

Steam mobile app allows user to move authenticator to another device, as long as they still have valid phone number. From what I've heard (haven't tested myself), trade hold period is much lower this way comparing to removing authenticator and making new one, and also it's just convenient. So I decided SteamAuth (and SDA) need this feature. PR to SDA will follow.

[Jessecar96]

Thank you for the PR but this method no longer works since Steam updated their app.

[dyc3]

For anyone that's curious, the correct way to do this is to call RemoveAuthenticatorViaChallengeStart with generate_new_token = true, followed by RemoveAuthenticatorViaChallengeContinue on ITwoFactorService. All the parameters can be found in steam's protobuf files: https://github.com/SteamDatabase/Protobufs/blob/master/webui/service_twofactor.proto

[Moder112]

@dyc3 Did you get that to work?
I tried adding it as a feature to steam-user, however sending the RemoveAuthenticatorViaChallengeStart protobuf resulted in a empty response, and no code being sent.
As for the service api it calls for the "key" parameter, which elsewhere is the api key, but attempting to use it here just results in a 401 and the message to check the key, so I'm not sure if that's correct.

I'm honestly a bit stuck here and I'm interested in hearing how did you get it to work.

[dyc3]

The key parameter is actually not necessary, you have to send the access_token jwt that you get from logging in. This is how steamguard-cli does it: https://github.com/dyc3/steamguard-cli/blob/master/steamguard/src/transport/webapi.rs#L57

If you have any other questions, feel free to open a discussion on the steamguard-cli repo so we aren't spamming the people here with notifications.