400 Client Error: Bad Request for url: https://accounts.spotify.com/api/login
Closed this issue · 19 comments
This just started happening today.
You can still get a csrf_token,
But the login post fails.
I looked in chrome dev tools, and it is posting now to : https://accounts.spotify.com/api/login/password
But changing it to this url didn't help
const process = require( "process" );
const path = require( "path" );
const global_package_path = process.argv[ 0 ].split( "/bin/node" )[ 0 ] + "/lib/node_modules";
const puppeteer = require( path.join( global_package_path , "puppeteer" ) );
const SPOTIFY_USERNAME = "";
const SPOTIFY_PASSWORD = "";
( async ()=> {
const browser = await puppeteer.launch( { headless: true } );
const page = await browser.newPage();
await page.setViewport( { width: 1200 , height: 720 } )
await page.goto( "https://accounts.spotify.com/en/login?continue=https:%2F%2Fopen.spotify.com%2F" , { waitUntil: "networkidle0" } );
await page.type( "#login-username" , SPOTIFY_USERNAME );
await page.type( '#login-password', SPOTIFY_PASSWORD );
await page.click( "#login-button" );
await page.waitForNavigation( { waitUntil: "networkidle0" } );
const token_info = await page.evaluate( () => {
const token_script = document.getElementById( "config" );
const token_json = token_script.text.trim();
const token_info = JSON.parse( token_json );
return token_info;
});
await browser.close();
console.log( token_info );
console.log( token_info[ "accessToken" ] );
console.log( token_info[ "accessTokenExpirationTimestampMs" ] );
})();
import asyncio
from pyppeteer import launch
SPOTIFY_USERNAME = "";
SPOTIFY_PASSWORD = "";
async def main():
browser = await launch()
page = await browser.newPage()
await page.goto( "https://accounts.spotify.com/en/login?continue=https:%2F%2Fopen.spotify.com%2F" )
await page.type( "#login-username" , SPOTIFY_USERNAME )
await page.type( '#login-password', SPOTIFY_PASSWORD )
await page.click( "#login-button" )
await page.waitForNavigation()
token_info = await page.evaluate('''() => {
const token_script = document.getElementById( "config" );
const token_json = token_script.text.trim();
const token_info = JSON.parse( token_json );
return token_info;
}''')
await browser.close()
print( token_info )
asyncio.get_event_loop().run_until_complete( main() )
I've the same problem...
import asyncio
from pyppeteer import launch
@raspi-chromecast-box cool for a working alternative but this is too heavy for the needed purpose
do you know how to capture chrome http traffic and replay it in a python request.Session() ?
I think this might be because spotify is now using https://www.google.com/recaptcha/api2/
or they might always of been using it. but you have to send &recaptchaToken= in the POST to https://accounts.spotify.com/login/password
I tried to use https://httptoolkit.tech/ and https://github.com/gtzampanakis/harreplay
But , somehow the recaptchaToken needs updated every time.
there also could be more stuff.
Also, spotify just reset my password automatically after doing all of this.
I agree that puppeteer is too bug for this. I would think even that will be closed down for machine 2 machine use.
Let's see if someone manages to retrieve the token another way.
We are probably doomed with https://accounts.spotify.com/api/login (i hope i am wrong...)
"error": {
"status": 400,
"message": "Only valid bearer authentication supported"
}
There are other ways tho like the one used in librespot as explained in the linked documentation or implementing lighter @raspi-chromecast-box solution...
Got the same issue here.
"Call-service API error. Error Message: 400 Client Error: Bad Request for url: https://accounts.spotify.com/api/login"
Alternative method implemented in rust with librespot... https://github.com/michaelherger/spotty
(it does work flawlessly but note that it require 30 min or more to build the app, a premium account, login/pass, and a client-id to be created here... app-secret is not needed, nor authorization if the client-id is yours)
Are you suggesting that the authentication methods (such as zeroconf) used by librespot are enough to get a token which can then be used in calls to initiate Spotify playback on a Google Home device? Or are you focused on other Spotify API calls?
@intika I understand.
I was mixing my contexts. I was reading through this because I am hoping to enable initiating playback on a Google Home device and the approach I was looking into from @fondberg stopped working due to this bug, and the thread is suggesting that a "normal" API token is not sufficient and a "web player" one is required.
Therefore this track of conversation may not be appropriate for this issue. My apologies.
enough to get a token which can then be used in calls to initiate Spotify playback on a Google Home device?
@MeanderingCode not possible to "initiate" the playback on such devices... i tried quickly to find out the missing scope... without success, this need more investigation...
To save everybody any headaches here are the boundaries:
- To start spotify on a chromecast device you require a more powerful token which can only be received using proprietary username/password auth. To my knowledge it is only through the browser player login but if librespot receives a token when using username/password auth with enough scopes it should work to use that token.
- A token received using oath login using ones own client-id will NOT have the scope required to start spotify on a chromecast device. This is intentional by spotify and is widely known.
What someone could try is to get the username/password token using librespot and use it to start spotify on a chromecast device. Just modify the spotify example in pychromecast to use that token instead of getting one.
If that works then the question is really why the python code in this repo can't do the same...
@fondberg after a quick look at librespot's code, it is likely not possible.
To start spotify on a chromecast device you require a more powerful token which can only be received using proprietary username/password auth. To my knowledge it is only through the browser player login but if librespot receives a token when using username/password auth with enough scopes it should work to use that token.
note that librespot uses a tcp based connection, neither http nor tls but it's encrypted tho...
@intika does look like librespot is doing something completely different to authenticate.
It also looks like the new endpoint the UI uses (https://accounts.spotify.com/login/password) is enforcing a reCaptcha token along with some other stuff I wasn't quite able to decipher.
I will try to do some research and see if any of the librespot logic can be carried over or if there's a workaround but for now what @fondberg mentions should work.
Any PRs or guidance are welcome!
I couldn't get the python version of puppeteer to load cookies for some reason.
So this is now in node , but it seems to be fine.
I still don't know which cookie is the one that expires the login session. So it just re-logs-in if any expire.
https://github.com/raspi-chromecast-box/spotify-browser-token-server
Unfortunately back on LMS with Spotty and Chromecast Bridge temporarily ...
Yesterday, my Sonos stopped working with Spotify. It has been down for nearly a day. Sonos' status page claims that a "fix has been implemented by Spotify".
I wonder if some long-lived token lifetimes finally expired and they could not get new ones due to this or related auth changes on Spotify's end, which then had to be changed so that software could authenticate? Possibly worth investigation by some eager person :)
Spotify playback failures
Monitoring - A fix has been implemented by Spotify and we are monitoring the results.
May 7, 20:06 UTC
Update - As we continue to work with Spotify to resolve playback issues, affected users can stream from Apple devices via Airplay from the native Spotify app to any Airplay enabled Sonos speaker.
May 7, 15:02 UTC
Update - We are continuing to work with Spotify on a fix for this issue.
May 7, 05:55 UTC
Identified - The Spotify service is experiencing issues on Sonos as well as the Spotify mobile app. We are working with Spotify to restore service and will update this page when we have more information.
May 6, 23:52 UTC
(Worth noting that I have note been experiencing playback issues with the Spotify mobile app at all)
Hi,
I was able to get sp_dc and sp_key in a much more simple way than using “developer tools”:
If using chrome browser you only need to open url
chrome://settings/cookies/detail?site=spotify.com
and copy content from sp_dc and sp_key cookies
If you have no cookies you have to login at
https://open.spotify.com/
and then go back to previous url
Hope can be useful