Module: nintendo.switch.aauth

Provides a client for the application authentication server.

class AAuthError(Exception)
Raised when the aauth server returns an error code.

class AAuthClient
The aauth client.

AAuthError

This exception is raised when the aauth server returns an error code. The following constants are defined in this class:

DEVICE_TOKEN_EXPIRED: int = 103
ROMID_BANNED: int = 105
UNAUTHORIZED_APPLICATION: int = 106
SERVICE_CLOSED: int = 109
APPLICATION_UPDATE_REQUIRED: int = 111
INTERNAL_SERVER_ERROR: int = 112
GENERIC: int = 118
REGION_MISMATCH: int = 121

The error can be inspected using the following attributes:

response: HTTPResponse
code: int
message: str

AAuthClient

def __init__()
Creates a new aauth client.

def set_request_callback(callback: Callable) -> None
By default, requests are performed with http.request. This method lets you provide a custom callback instead.

def set_context(context: TLSContext) -> None
Changes the TLS context. By default, the server certificate is verified with Nintendo CA - G3 or Nintendo Root CA - G4, depending on the specified system version.

def set_certificate(cert: TLSCertificate, key: TLSPrivateKey) -> None Changes the client certificate of the current TLS context. When aauth.hac.lp1.ndas.srv.nintendo.net is used, which is the case on system version 20.0.0 and later, the server rejects all requests without a valid client certificate.

def set_host(url: str) -> None
Changes the server to which the HTTP requests are sent. The default is aauth-lp1.ndas.srv.nintendo.net or aauth.hac.lp1.ndas.srv.nintendo.net, depending on the specified system version.

def set_power_state(state: str) -> None
Changes the content of the X-Nintendo-PowerState header. The default is "FA".

def set_system_version(version: int) -> None
Changes the system version that is emulated by the client. The system version should be given as a decimal integer. For example, 1002 indicates system version 10.0.2. All system versions from 9.0.0 up to 22.1.0 are supported.

async def get_time() -> tuple[int, str]
Requests the current server time with /v1/time. Returns a tuple that contains the current server time and your public IP address.

async def challenge(device_token: str) -> dict
Requests a challenge from the aauth server. The device token can be obtained from the dauth server. The challenge is used for gamecard authentication.

async def auth_system(title_id: int, title_version: int, device_token: str) -> dict
Requests an application token from the aauth server for a system title. The device token can be obtained from the dauth server.

async def auth_digital(title_id: int, title_version: int, device_token: str, cert: bytes | str) -> dict
Requests an application token from the aauth server for a digital title. The device token can be obtained from the dauth server. Prior to system version 15.0.0, the cert parameter must contain the raw ticket (which can be dumped with nxdumptool). In system version 15.0.0 and later, it must contain a contents authorization token instead (which can be obtained from the dragons server).

async def auth_gamecard(title_id: int, title_version: int, device_token: str, cert: bytes, gvt: bytes, challenge: str = None, challenge_src: str = None) -> dict
Requests an application token from the aauth server for a gamecard. The device token can be obtained from the dauth server. The certificate can be obtained with nxdumptool. The gvt parameter must contain the challenge response. Unless you have the Lotus encryption keys, the challenge cannot be solved offline, but EpicUsername12 made a tool that solves the challenge on a real Switch.

The challenge and challenge_src parameters are required on system version 19.0.1 and later.

async def auth_nocert(title_id: int, title_version: int, device_token): str -> dict
Requests an application token from the aauth server for a title for which no ticket was found on the Switch.

WARNING: Do not use auth_nocert on a production server, because it will immediately ban your Switch.