-
Notifications
You must be signed in to change notification settings - Fork 257
get_stream_url gives 403 with 'DEVICE_NOT_AUTHORIZED' for Mobileclient.FROM_MAC_ADDRESS #590
Comments
Huh, that's the first I've heard of them actually introspecting device ids. Sounds like we may need to deprecate FROM_MAC_ADDRESS and make it easier for people to look up their existing device ids before logging in. |
I just tried it again, and I guess deprecating is probably a good idea, no idea when it will just stop working completely. |
Weird. Could be that they're in the process of rolling the new change out (though in the past I've usually seen that around Fridays, not the start of a week). |
Or could just be Google servers being flaky as they have been so many times in the past : P |
I just got a similar problem to this. stack trace is basically this
So I work on an Alexa app that is built off of this, which is awesome by the way and suddenly my deployment stopped working. So I have a serverless setup that depends on this that has been working for about two months now and it randomly stopped working today. It gets the song info but fails to stream the song. The only thing I can think of is that I'm using S3 to redirect (I've used it for almost 200 songs at this point.) the stream through because I'm using a serverless setup (ApiGateway and Lambda) cause its just so damn cheap. Long story short, does anything glaringly wrong jump out in my stack trace? Like I said I haven't changed the code at all, it seems Google is blocking me, thats my only idea. Maybe I should try rotating the app password every so often? Maybe this is their way of telling me? I'm not sure. |
In order to use ApiGateway + Lambda with this skill we need to manually login to the api in a python shell from a computer with a good mac address and then use |
Ah, yeah. I think geemusic defaults to from_mac_address, which doesn't work well in paas setups: stevenleeg/geemusic#183 (comment). |
Any idea why it worked for about a month and then they finally cut me off? I did notice the stream taking longer and longer to play even from the native app. |
Hard to say. Could have been that you were creating lots of new devices without knowing, Google blacklisted the lambda ips, aws switched to new ip range that Google already had blocked, etc. |
True. I just didn't know how much you knew about the inner workings of this stuff. It appeared to only block me because I wasn't using a device id, or does |
gmusicapi can generate one from the machine's mac address if requested, though it's not recommended. geemusic defaults to this behavior. |
Ah ok, and since Lambda hits a different machine every time which has a different MAC Address, but has the same ARN, Google blocks it because I'm coming from the same address but with multiple different device ids. I now see what you were saying about the creating lots of new devices. |
I was using the same MAC address for each call for a month now... Today my main MAC address that i pass trough the API as an hardcoded string isn't working ! So i don't think the only issue is about using multiple Mac addresses. |
I have also been using the same MAC address for each call for well over a month, something was changed on Googles end. I even have tried using a valid android device_id that is registered with the account, seems the only way I am able to get Mobileclient.get_stream_url() to work is being logged into the account on the mobile app with the device of the device_id at the same time. Otherwise it is throwing a 403 error. I am able to reproduce this with 2 different accounts using 2 different devices and device_id's on 2 completely separate networks; so it is not blocking or anything strange on Googles end other than the changes they made this last week. |
After some testing I have found out that using the MAC address no longer will work. You need a valid android device_id that has been linked (authorized) to the account. You also can no longer use your regular login/password, you must use an app password after setting up 2FA. Once I met these two requirements everything started working again. |
@fizzybunk I'm having this problem on my Raspberry Pi. Do you know what I need to do for a valid device_id? |
@fizzybunk Actually, I tried plugging in one authorized Android device ID's and I'm back to streaming GMusic! |
That's right baby.
…On Sun, May 27, 2018, 3:31 PM Dave Nikkel ***@***.***> wrote:
@fizzybunk <https://github.com/fizzybunk> Actually, I tried plugging in
one authorized Android device ID's and I'm back to streaming GMusic!
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#590 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AJN8OJwu_lyXlUbhtgXr6haZm2sA22dpks5t2v77gaJpZM4RGSpw>
.
|
I think this problem has something to do with Google Play Music's integration to YouTube Music. Because I had the same problem just after the change (night May 22 UTC). |
My CI broke too. I'll try to make some time for this over the weekend. |
I'll try to help out too. I think I have a workaround, if you use |
If it's just the format of the id that they care about, we might be able to fix the mac address generation. Otherwise, we can just make it easier to pick an existing id (I don't think one is needed during login, so we can pick it afterwards). |
Yeah and if they actually care about the id we kinda have to use the
already existent device ids right?
…On Wed, May 30, 2018, 10:35 AM Simon Weber ***@***.***> wrote:
If it's just the format of the id that they care about, we might be able
to fix the mac address generation. Otherwise, we can just make it easier to
pick an existing id (I don't think one is needed during login, so we can
pick it afterwards).
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#590 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AJN8ODjOu8Ny3chLvMaDpJLshXlgNPJqks5t3q5HgaJpZM4RGSpw>
.
|
Just an FYI: when I was poking at this in the IRC channel with someone, I noticed that my Pixel 2 XL's associated ID wasn't its Android Device ID, but rather its Google Service Framework ID. Seems that it is the same kinda format, digits and uppercase letters. But they are different. |
From my testing, this is not the case : ( Appears to require the ID of a linked Android device. |
An interesting finding: I can get stream urls with a device id that's been registered to another account. There were a few hangups, though:
Trying a fake id generated here results in the same login notification, but I'm not able to get a stream url. So, my guess is that they're verifying that the android device has been connected to GSF, but not necessarily that it's registered to the account. That means we could potentially hardcode ids into gmusicapi, though that doesn't seem like a good idea. Unless someone comes up with something better, my proposal is:
|
Oh, and checking how ios devices are handled is a good idea if someone gets a chance. They're not as tightly linked to Google as android devices are, so they might be a potential way to fix from_mac_address. |
Both ANDROID and DESKTOP_APP in the list. Android ones are 16 digit hex, and Desktop ones are 64 chars. My current phone is on the list, and it's not its MAC address, maybe it is the Google Service Framework ID but I have no way to check that. |
@ndg63276 what did you try and what does didn't work mean. You omitted the |
I only have the free version, up until a couple of weeks ago that worked fine, using
Now that logs in, but any call to I have also tried:
This started happening when I got a new phone, so I thought maybe I'd hit a limit on number of devices (I had 9), but even after deauthorising an old device through the website, the problem remains. |
What's the description of the 403? They return 403 for a few different reasons. Could it be that you're trying them too quickly and you're getting 403 forbiddened by rate limits and not by invalid device? |
Traceback (most recent call last): |
The device ID was never the MAC address of the Android Device. You can check the GSF ID in the Settings of your phone. You can also download apps to display that and other information (e.g. the Android device ID). Just search for 'device id' on the Play Store. The device ID in your failed request posted has a length of 19. Valid Android device and GSF IDs should be 16. |
Mine is also 16 characters. |
Mine is length 16, but it is converted to a base 10 int by the method _ensure_device_id()
But, using my Google service framework id as my device id does work! I made a stupid mistake, in my comment 2 days ago, I looped through the registered devices and tried using the id from each of them, but without accounting for the fact that they are reported with '0x' prefixes, which I failed to strip. D'oh! |
That's why I asked the question about the 0x prefix buster brown!
…On Thu, Jun 7, 2018, 4:26 AM ndg63276 ***@***.***> wrote:
The device ID in your failed request posted has a length of 19. Valid
Android device and GSF IDs should be 16.
Mine is length 16, but it is converted to a base 10 int by the method
_ensure_device_id()
>>> api.android_id
'1234567890abcdef'
>>> api._ensure_device_id()
'1311768467294899695'
But, using my Google service framework id as my device id does work! I
made a stupid mistake, in my comment 2 days ago, I looped through the
registered devices and tried using the id from each of them, but without
accounting for the fact that they are reported with '0x' prefixes, which I
failed to strip. D'oh!
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#590 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AJN8OIa1pNALI47eOUKmjCGRqZ8U2mHsks5t6OPQgaJpZM4RGSpw>
.
|
I tried this on my computer and using |
Joining the thread because I just ran into this issue myself while trying to pick back up my Play Music skill for Mycroft. I can confirm that I can use the FROM_MAC_ADDRESS to login, get my registered device list, and then hard-code an id out of there to make things work again. It'd be awesome to have an alternate solution, of course, since it feels like I'd be inviting the wrath of Google to go around spoofing my phone's ID on my Mycroft skill. |
What worked for me was using @ndg63276's answer, just stripping the mobile_client = Mobileclient()
mobile_client.login('[email protected]', 'mypass', mobile_client.FROM_MAC_ADDRESS)
device = mobile_client.get_registered_devices()[0]
device_id = device['id'][2:]
mobile_client = Mobileclient()
mobile_client.login('[email protected]', 'mypass', device_id)
# Continue as normal |
@budowski do you know if it works with every ID type or just the ANDROID_ID type? I have a couple devices registered to my account so I was just checking if maybe I should also check for the device ID type that works for me. For example, the iPhone's device ID doesn't have a |
@budowski I agree that this works personally and for now, but I am really leery of distributing code to others saying "This works only if you have an Android device already." and "You're technically abusing your Android device's ID and Google might take action against you." I can certainly keep doing things that way for personal development, but it feels like an unreasonable requirement and risk to give any users of my code. |
@roadriverrail By using gmusicapi at all, you're using private API calls that Google might already take action against you for using. None of this is supposed to be used by 3rd parties. And there are actually some things possible with this that would REALLY whip Google into a frenzy if they were abused. That being said, I certainly wouldn't distribute one of my device IDs in code. Google now requires a valid Android (probably iOS, too) device ID for streaming. There is nothing to be done about it. If your application doesn't allow for users to provide their own Android device ID in some kind of configuration or hard-code it pre-install, then you're out of luck. @fergyfresh We don't know. Earlier in this thread, Simon asked if someone could test with an iOS device ID. No responses were given. |
I use Androids only. |
yeah, install play music and auth to that device with your account. then you call the same function |
Tested this with an iPhone (IOS 10.3.3): The device ID is indeed different, needs a different mechanism for building the ID to be legal: mobile_client = Mobileclient()
mobile_client.login('[email protected]', 'mypass', mobile_client.FROM_MAC_ADDRESS)
device = mobile_client.get_registered_devices()[0]
if device['type'] == 'ANDROID':
device_id = device['id'][2:]
elif device['type'] == 'IOS':
device_id = 'ios' + device['id'][4:]
mobile_client = Mobileclient()
mobile_client.login('[email protected]', 'mypass', device_id) However, even though calling an API function like |
@budowski I'm not quite sure how you came up with PS Almost none of the calls ever required any kind of device ID. It was just the streaming calls and the podcast listing calls. That's why it doesn't matter for most calls. |
So my snapchat got pwned somehow and posted a stream url of showtunes to every one of my snapchat contacts. Not sure if its a contaminated url as the url was deleted. I changed all my passwords and made everything 2 factor auth, but I was just checking to see if anyone else got pwned to see if this was related to our ANDROID_ID hack. |
@thebigmunch - I came up with that format, since when I tried to login using the iPhone ID I received (as is, from
Where the first ID is the Android, and the second one is the iPhone device. It seems like that's the logic the gmusicapi/gmusicapi/clients/mobileclient.py Lines 46 to 58 in 7264dd8
|
Heads up that the |
After authentication, using the Mac address, we can get the list of device ids, then logout and login again using one of those device ids. Its working for me. Here is what the piece of code looks like. Hope it helps someone.
|
Alright, so combining #590 (comment) and #590 (comment), and the fix for iOS ID's, I've got: mc = Mobileclient()
mc.__init__(debug_logging=False, validate=True, verify_ssl=True)
mc.login(username, password, mc.FROM_MAC_ADDRESS)
# Pick a device_id
device_id = None
for device in mc.get_registered_devices():
if device['type'] == 'ANDROID':
device_id = device['id'][2:]
break
elif device['type'] == 'IOS':
device_id = device['id']
break
if not device_id:
print "No Android or iOS device linked to account!"
exit()
mc = Mobileclient()
mc.login(username, password, device_id) This works for me, I've got a few desktop clients and an android client on my account, however I would like to verify that this works on iOS - can someone with an iOS device check that this currently works? (I'm using it here) |
Been using everything fine until a few hours ago, when any call to
get_stream_url
returns 403 with'X-Rejected-Reason': 'DEVICE_NOT_AUTHORIZED'
when usingMobileclient.FROM_MAC_ADDRESS
I'm able to do everything but
get_stream_url
. Using an actual Android ID seems to work, so Google may have changed something to stop us using MAC addresses? Makes no difference if 2FA is enabled or not.This is probably a dupe of #584, sorry.
The text was updated successfully, but these errors were encountered: