REST API - invalid username/password error even with valid credentials #55
Comments
|
Have you read through #45 ? |
|
Now I read this whole discussion, and I understand there is system against
bots that prevent using this API.
And solution is not described in documentation and the whole discussion is
one year old, lot of things could change during this time
So what is current state? Which partner login needs to be used for
authentication?
what are the all headers fields required?
I had no luck with getting partner auth token.
…On Sun, Sep 4, 2022 at 4:24 AM hucario ***@***.***> wrote:
Have you read through #45
<#45> ?
—
Reply to this email directly, view it on GitHub
<#55 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAEQPFWQWXVQF44WSI7B5DLV4QB5DANCNFSM6AAAAAAQEC4PTE>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
OK, so the workaround we figured out is thus:
holdups / possible problem points:
i'll post working example code Soon:tm:. it'll be Typescript, because that's what I use |
|
Thanks for quick response. I am looking forward to your code example. I
wanted to write Pandora client in Swift because why not :)
…On Sunday, 4 September 2022, hucario ***@***.***> wrote:
OK, so the workaround we figured out is thus:
- The user auth token (UAT) you get from the JSON api works with the
REST api as well
- log in with the JSON api
- use the UAT provided by that for the REST api
holdups / possible problem points:
- the JSON api requires you to have a User-Agent of libcurl. We
haven't tested very many others, but we know that one works and browser
User-Agents generally don't.
- the JSON api uses an encryption (more than just using TLS, as this
was made before TLS became widely used(!)) for security over insecure
connections (i.e. straight HTTP). this is pain. the partner login step
doesn't use this, but the user login step does
i'll post working example code Soon™️. it'll be Typescript, because
that's what I use
—
Reply to this email directly, view it on GitHub
<#55 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAEQPFV4JN3KYDNSNQ5MM2TV4TQSFANCNFSM6AAAAAAQEC4PTE>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
Alright, here's an implementation ripped straight from hucario/Anesidora:typescript and further lobotomized for just the purpose of getting a UAT. I have tested this precisely 0 times, but it should show what you need to do. https://gist.github.com/hucario/9ca6b9f6a16d7d9a26573c7ca740ff03 If it helps, here are the typings I use for the Pandora API: |
|
Big thanks for the effort. I was trying to convert your code to Swift. This is unfortunately not possible as u use functions like fromCharCode that has no equivalent in Swift. I tried different solutions and once e.g. for code '44' i got letter "D" and on Javascript MDN page 44 means ",". Swift does not offer possibility for getting character from unicode stored in variable. It's pity but that's life. I will just use pianobar as long as it's working :)
|
|
@Behinder https://github.com/EpimetheusMusicPlayer/pandora_authenticator Dart is not the best language for such a tool (the resultant programs are relatively large and slow), but I'm leveraging my existing library so I didn't have much of a choice. It might be a good project to rewrite as I learn Rust - but I can't promise anything. |
|
Thank you very much for the effort. I learned what you recently discovered that some programming language are not suitable to do certain task. Big appreciation that you were able to finish this CLI tool. for reason unknown |
|
Ah, that's because I was using the no-longer-supported git:// protocol - try now. I also have binaries for every platform in the releases. |
|
It really looks that API is impossible to use :( Ok I was able to get token from your binary, however token received is invalid. After doing request I always get: I am also including in request X-CsrfToken taken from HEAD request: so either authtoken is invalid just few seconds after generation, or expired cookie invalidates token. |
|
Alternatively, you could use the JSON API, which - while clumsier - still does work. That's what I use, and I have few problems |
|
So, using REST API not possible :(
JSON API does not work for me either as I proven authToken is invalid,
csrf token got from HEAD request set expired cookie.
Thanks for all the help tough, one less project out of my head and lot of
time spared.
…On Fri, Sep 9, 2022 at 4:31 AM hucario ***@***.***> wrote:
Alternatively, you could use the JSON API, which - while clumsier - still
does work. That's what I use, and I have few problems
—
Reply to this email directly, view it on GitHub
<#55 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAEQPFSZH25Q4Z7LUFRE75LV5KOQLANCNFSM6AAAAAAQEC4PTE>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
As in topic. Tested in PAW.
The text was updated successfully, but these errors were encountered: