Mobileclient login stopped working with app passwords #620

Closed
dsears opened this Issue Oct 6, 2018 · 25 comments

dsears commented Oct 6, 2018

As of October 4, I'm no longer able to authenticate the Mobileclient interface using an app password on my 2FA-enabled account. It was working on October 3.

I've tried:

  • Updated to gmusicapi 11.0.3 (Python 2.7)
  • Tried generating a new app password. The old one is still present and does not indicate expiration.
  • Verified that I can authenticate using Mobileclient to a different account that does not use 2FA.

Is it just me, or is Mobileclient broken for other 2FA users as well?

Contributor

thebigmunch commented Oct 6, 2018

I'm still able to log in using an app-specific password with 2FA-enabled accounts.

sigma67 commented Oct 6, 2018

Same issue. Getting "NotLoggedIn" exception

Owner

simon-weber commented Oct 7, 2018

CI started failing to log in. I forget if it's using an app password or not.

Owner

simon-weber commented Oct 7, 2018

Interestingly, "allow less secure apps" was turned off for that account. I'm pretty sure it was on in the past, so maybe Google accidentally toggled it. I'll find out shortly whether it makes a difference.

dsears commented Oct 7, 2018

On my 2FA account, Google would not let me enable less secure apps.

sigma67 commented Oct 8, 2018

That solution worked for me. Enabled it at https://myaccount.google.com/lesssecureapps and login worked again.

tchrischan commented Oct 8, 2018

It's definitely intermittent. I have a batch job that runs several different gmusicapi calls, instantiating a mobileclient each run, and some of them work and some don't. I can re-run the failures and eventually get them all to run.

I'm using 2FA, and also not able to change the less secure app setting.

bijai commented Oct 13, 2018

I had the same issue. Using one of the Android IDs from get_registered_devices() in login() made it work.

fergyfresh commented Oct 16, 2018

I cannot log in using a new device. I must use an older Android ID, but cannot remember how to get to the get_registered_devices() without logging in first...

tchrischan commented Oct 16, 2018

For now, I'm just doing this. It's working for me as a workaround.

# gmapi is a gmusicapi Mobileclient instance
logged_in = False
while True:
    logged_in = gmapi.login(GOOG_USERNAME, GOOG_PASSWD, Mobileclient.FROM_MAC_ADDRESS)
    if logged_in:
        break
    else:
        print("Retrying login...")

fergyfresh commented Oct 16, 2018

That's so brute forcey.

mikeage commented Oct 16, 2018

@tchrischan it might be a good idea to look into something like https://pypi.org/project/retrying/ or the newer https://pypi.org/project/tenacity/ , and consider adding some delays and a maximum number of tries.

dsears commented Oct 16, 2018

@tchrischan

import time
logged_in = False
# Initialise once, outside the loop, so the delay actually grows between tries
backoff = 1
while True:
  logged_in = gmapi.login(GOOG_USERNAME, GOOG_PASSWD, Mobileclient.FROM_MAC_ADDRESS)
  if logged_in:
    break
  else:
    print("Sleeping %d" % backoff)
    time.sleep(backoff)
    backoff += 1
    print("Retrying login...")

tchrischan commented Oct 16, 2018

@fergyfresh yes, yes it is.

But it's just a workaround. @dsears's code is an improvement (thanks), but I also did not want to spend too many cycles fixing behavior we don't even know will be permanent (especially with the announcement of YouTube Music) to have a more elegant solution.

It only fails for me once or twice before it works, so brute force retrying is fine for me. YMMV.

fergyfresh commented Oct 16, 2018

@tchrischan I used this to generate a fake ID https://www.myfakeinfo.com/mobile/get-android-device-information.php and then that only failed once and exceptioned out with the exact Android ID set that are verified on my account. I manually grabbed one of those and now I'm in every time using android_id instead of Mobileclient.FROM_MAC_ADDRESS. If you're looking for a more permanent/less hacky solution. FWIW, of course.

cameronbell97 commented Oct 16, 2018

Brute forcing doesn't work for me.
I only started using gmusicapi a week ago and I've never been able to log in.
I get an error in session.py where gpsoauth.perform_master_login(email, password, android_id) returns 'Error: NeedsBrowser' and 'ErrorDetail: To access your account, you must sign in on the web'. When I follow the URL it returns, it takes me to a 2f auth login page.

I'm using an App Password, and it's definitely working because the "last used" field in my App Passwords page on my Google Account updates when I attempt a login.

Not sure where to really go from here

cameronbell97 commented Oct 16, 2018

Never mind, I managed to solve my own problem using https://accounts.google.com/b/0/DisplayUnlockCaptcha

morsik commented Oct 18, 2018

Using that DisplayUnlockCaptcha link worked for me, but trying to play any mp3 results in a 403 from gmusicapi to the Google API.

fergyfresh commented Oct 19, 2018

@bigmunch. Try using the app password on another mac address. It won't work ;)

Contributor

thebigmunch commented Oct 19, 2018

> @bigmunch. Try using the app password on another mac address. It won't work ;)

Not sure what this attitude is about. There was no talk about it being an issue with different machines when I first responded. And I haven't been part of the discussion since.

Also, I tried it on 3 different machines when I first responded. All worked first try for me then. I just retried them now, and they all worked first try for me.

TL/DR Welcome to my ban list.

fergyfresh commented Oct 19, 2018

I meant to say NEW mac address. It seems to be an issue with using the same app password with a new machine. At least, that's what most of this thread is about. Also there was definitely no attitude implied there (and don't see how tagging a maintainer that said there's no issue when there is clearly an issue is somehow attitude), I was just trying to poke at the fact that there is seemingly a bigger issue somewhere here that we haven't been able to figure out.

It's probably only for 2FA users too, which you might not be using. Sorry you thought I had attitude. I apologize if you're having a bad day. I'm just trying to get this issue a higher priority because it's flowing downstream pretty hard to my app.

Owner

simon-weber commented Nov 18, 2018

I looked into this for a bit in the context of CI. I set up a proxy on a server of mine, went through the displayUnlockCaptcha flow, and was surprised to see I still couldn't log in when proxying Travis through it afterwards.

I noticed two things when investigating more. First, only the gpsoauth.perform_master_login step is problematic. Reusing a previously-acquired master token with gpsoauth.perform_oauth works fine (there's a concrete example of how to do this here).

Second, when the master login fails Google provides a link for the client to go through the browser-based flow. For example, my response looks like

u'Url': u'https://accounts.google.com/signin/continue?sarp=1&scc=1&continue=https://accounts.google.com/o/android/auth?hl%3Den_us%26xoauth_display_name%3DAndroid%2BLogin%2BService%26source%3DAndroid%2BLogin&plt=...',
u'ErrorDetail': u'To access your account, you must sign in on the web. Touch Next to start browser sign-in.',
u'Error': u'NeedsBrowser'}

Opening the link in a browser works, but only sets the resulting tokens as cookies for the browser. I don't see a straightforward way to get Google to present them so users can easily copy them out.

Given that (as far as I can remember) the master_login flow was just a workaround for converting sso credentials to oauth, I'm thinking it's time to just deprecate the sso interface and move to normal oauth instead. In other words, the mobileclient would get an interface to mirror the musicmanager's, and we'd eventually remove the old email+password one.

Thoughts? It'd be a big breaking change, but I figure it's for the best in the long run.
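Added example, not part of any comment in this thread and not gmusicapi or gpsoauth code: a bounded login retry with capped, jittered backoff, as suggested earlier in the thread, that stops immediately on the `NeedsBrowser` response quoted above rather than repeating a login that needs an interactive step. The `attempt` wrapper, the `'Token'` success key, the `ExampleTransientError` value and the placeholder URL are assumptions made for the example.

```python
import random
import time

# Constructed sample responses (not captured traffic). The NeedsBrowser keys
# mirror the response quoted in the thread; the URL is a placeholder.
TRANSIENT = {"Error": "ExampleTransientError"}
NEEDS_BROWSER = {
    "Error": "NeedsBrowser",
    "ErrorDetail": "To access your account, you must sign in on the web.",
    "Url": "https://example.invalid/signin/continue",
}


class InteractiveLoginRequired(Exception):
    """The server asked for a browser sign-in; retrying is pointless."""

    def __init__(self, url, detail):
        super().__init__(detail)
        self.url = url


def login_with_backoff(attempt, max_tries=5, base_delay=1.0, max_delay=30.0,
                       sleep=time.sleep, rng=random.random):
    """Call attempt() until its response dict contains 'Token'.

    attempt is a hypothetical zero-argument wrapper around the real call, e.g.
    lambda: gpsoauth.perform_master_login(email, password, android_id).
    Returns (token, delays_slept).
    """
    delays, last_error = [], None
    for n in range(max_tries):
        res = attempt()
        if "Token" in res:  # assumption: success responses carry 'Token'
            return res["Token"], delays
        last_error = res.get("Error", "unknown")
        if last_error == "NeedsBrowser":
            # Assumption: not transient, so stop instead of hammering the endpoint.
            raise InteractiveLoginRequired(res.get("Url"), res.get("ErrorDetail", ""))
        if n + 1 < max_tries:
            # Capped exponential backoff with full jitter.
            delay = rng() * min(max_delay, base_delay * 2 ** n)
            delays.append(delay)
            sleep(delay)
    raise RuntimeError("login failed after %d tries: %s" % (max_tries, last_error))
```

Passing `sleep` and `rng` as parameters keeps the policy testable without real delays or network access.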

Owner

simon-weber commented Nov 21, 2018

I've got this working on the develop branch. If you want to try it out:

pip install git+https://github.com/simon-weber/gmusicapi.git@develop#egg=gmusicapi

Then do something like:

python -c 'from gmusicapi import Mobileclient as MC; m = MC(); print m.perform_oauth()'
python -c 'from gmusicapi import Mobileclient as MC; m = MC(); print m.oauth_login("<device_id>"); print m.get_all_songs()[0]'

academo commented Nov 23, 2018

@simon-weber I tried the code to use the oauth in the mobileclient and it works very well (tried with python3)

Owner

simon-weber commented Dec 1, 2018

Alright, OAuth support is out in 11.1.0. I'm going to close this since it should address the original problem from this issue; feel free to open a new one if you run into issues.

simon-weber closed this Dec 1, 2018
