New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Android devices logout of Google Account after using MoblieClient #424

Open
JVMed opened this Issue Mar 1, 2016 · 16 comments

Comments

Projects
None yet
8 participants
@JVMed

JVMed commented Mar 1, 2016

I've got a script that is runs fine everyday (only using the MoblieClient interface APIs) and ~50% of the time after a few hours of the script ending, I get a persistant "Account Action Required" notification on each of my Android devices. I then need to tap on the notification to log into my account to get all my Google stuff syncing again. I do not get logged out on any desktop Chrome logins. The script is also not affected and always works.

I have 2 step verification enabled on my Google account and the script uses an app password. I've tried using different MAC addresses with the Mobileclient login and currently using the same MAC as my phone but my Android devices still get logged out. Anyone had this issue before?

persistant "Account Action Required" notification

@simon-weber

This comment has been minimized.

Owner

simon-weber commented Mar 1, 2016

I've never seen this, but I feel like someone has reported it here in the past. I can't find an issue for it though.

@dvirtz

This comment has been minimized.

dvirtz commented Mar 1, 2016

I'm having it too.

@simon-weber

This comment has been minimized.

Owner

simon-weber commented Mar 6, 2016

This would probably be fixed by #426 if it pans out.

@tadly

This comment has been minimized.

Contributor

tadly commented Mar 8, 2016

I think this might be the same problem I had some time ago.
Are you sending a lot of request per second?

Check issue #367 and the workaround mentioned ;)

@JVMed

This comment has been minimized.

JVMed commented Mar 9, 2016

@tadly Your problem sounds like mine. Your authtoken workaround looks like a solution (haven't tested it yet). How long does the authtoken login work? Does it expire after some time or uses?

Is this the issue you were thinking of @simon-weber ?

@tadly

This comment has been minimized.

Contributor

tadly commented Mar 9, 2016

@JVMed honestly I don't know and I never tested it.
I am however sending a test-request.

Basically I overloaded the login method in my own class which implements the workaround and sends a test-request get_registered_devices() within a try: ... except: ... block.
On failure, I do a proper login and preserve the new authtoken.

It's not very nice but works for now :)
This is a snippet from my add-on.
_addon.getSetting and _addon.setSetting should be self-explanatory

class GMusic(Mobileclient):
    def login(self):
        username  = _addon.getSetting('username')
        password  = _addon.getSetting('password')
        device_id = _addon.getSetting('device_id')
        authtoken = _addon.getSetting('authtoken')

        if authtoken:
            self.android_id               = device_id
            self.session._authtoken       = authtoken
            self.session.is_authenticated = True

            try:
                # Send a test request to ensure our authtoken is still valide and working
                self.get_registered_devices()
                return True
            except:
                # Faild with the test-request so we set "is_authenticated=False"
                # and go through the login-process again to get a new "authtoken"
                self.session.is_authenticated = False

        if device_id:
            if super(GMusic, self).login(username, password, device_id):
                _addon.setSetting('authtoken', self.session._authtoken)
                return True

        # Prevent further execution in case we failed with the login-process
        raise SystemExit
@JVMed

This comment has been minimized.

JVMed commented Mar 9, 2016

@tadly Cool, I'll definitely test it out when I get a chance 👍

@JVMed

This comment has been minimized.

JVMed commented Mar 13, 2016

I am now using your login code @tadly and will see over the next week or so if I get logged out of my Android devices. I haven't had an authtoken login failure yet unless I force one.

So using this login technique, from Google's point of view, does it look like the same session/login because we are using the same authtoken instead of getting a new one on each login?

@tadly

This comment has been minimized.

Contributor

tadly commented Mar 14, 2016

So using this login technique, from Google's point of view, does it look like the same session/login because we are using the same authtoken instead of getting a new one on each login?

I'm pretty sure on that one. Though, I don't quite know the source for the current login process.
Usually with OAuth you'd get the session-toke and both a expires-at and refresh-token.
The latter two are to (you might have guessed already) refresh a session without the users need to do anything.

Because gmusic isn't a public api (with proper documentation and such) the current login-process is a bit.. wonky and doesn't follow traditional processes (@simon-weber please correct me if I'm wrong).

But, as simon already mentioned, #426 would fix/improve quite a lot if it works out :)

@JVMed

This comment has been minimized.

JVMed commented Mar 20, 2016

My problem is fixed. After using this authtoken method for a week, I have not yet been forcibly logged out of my google account on any Android devices which is great.

@thebigmunch

This comment has been minimized.

Contributor

thebigmunch commented Mar 20, 2016

My problem is fixed. After using this authtoken method for a week, I have not yet been forcibly logged out of my google account on any Android devices which is great.

Correction, you have worked around the problem. The problem still exists, you've just made it so you don't encounter it. It's an important distinction.

@exp0nge

This comment has been minimized.

exp0nge commented Oct 28, 2017

@tadly that code snippet that you provided generates traceback.extract_stack() errors (trying to find an instance of the client) BUT still returns the correct responses. Are you still using this package?

I did a bad thing...

gmusicapi_logger = logger = logging.getLogger('gmusicapi')
gmusicapi_logger.setLevel(logging.ERROR)
@tarcus69

This comment has been minimized.

tarcus69 commented Sep 13, 2018

Was this issue ever resolved in the main library? I run a script once a day and regularly find all my android devices being logged out.

@simon-weber

This comment has been minimized.

Owner

simon-weber commented Sep 14, 2018

I'd forgotten about it, to be honest. The oauth/mobileclient stuff didn't work out, so we'd probably need #367.

@soncaokim

This comment has been minimized.

soncaokim commented Sep 20, 2018

@tarcus69

This comment has been minimized.

tarcus69 commented Sep 20, 2018

I've implemented it too and have been running my script once an hour for about half a day, no logouts so far, normally I'd get logged out on my android devices about once a month when running my original script once a day so I'd estimate it would take about 30 authentications before my androids get logged out so if it survives for a few days being run once an hour without problems then it's looking good.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment