403 Failed to refresh auth token: new Cloudflare protections #96
Comments
Me too! I just installed it and it does not work :D |
After the last ChatGPT infra update it happens |
This comment was marked as spam.
This comment was marked as spam.
It's caused by the addition of Cloudflare protection |
Unfortunately cf_clearance, Cloudflare's cookie to certify it thinks you're a human (by sometimes showing a captcha), is valid only 30min as far as I know (from the same User-Agent, and the same IP I believe). |
Interesting, will let you know how long it survives for. I have a service running already for ~20min |
I think ChatGPT has changed its code! It was normal yesterday, but it was wrong today |
Yes, OpenAI added some additional Cloudflare protections that are preventing access token refresh. NOTE: this is affecting all ChatGPT API wrappers, including the Python ones. I'm actively working on a workaround, so please stay tuned. See also the conversation happening over here rawandahmad698/PyChatGPT#71 @abacaj I don't see that as a solution because those CF tokens are too short-lived to be all that useful. |
I've added a note to the top of the readme to reflect the current status. Will be updating this thread w/ progress. |
Not sure why that was considered spam, was pointing out the cookie was added and it can be worked around if you have the cookie / can refresh it |
@abacaj just DM'ed you on twitter; sorry about that. |
any update? |
For reference, so far the cf cookie is still valid after 1 hour |
Awesome news, so it may be the solution indeed! Keep us informed (the default is 30min but it can be changed according to CF https://developers.cloudflare.com/fundamentals/security/challenge-passage/#:~:text=By%20default%2C%20the%20cf_clearance%20cookie,between%2015%20and%2045%20minutes ) |
https://github.com/transitive-bullshit/chatgpt-api/releases/tag/v2.1.0 adds support for passing the CF I'm working on a more automated solution to refresh access tokens and clearance tokens. Stay tuned.. |
Come on. We all love you. |
I'm still getting 403 forbidden errors even with the fix. This may just be because ChatGPT is currently at capacity. If I visit https://chat.openai.com/auth/login I see this message at the top of the page:
and the networks tab shows the session request returned error 403. |
@alex12058 agreed; I'm seeing the same. Still debugging and not sure whether it's because OpenAI is explicitly tamping down on new sessions to try and curtail usage or whether it's a problem with bot detection. If anyone finds out more info, feel free to post here as well. |
according to this message, there is a _cf_bm cookie that is specifically to prevent bots. |
I think you need to pass "clearanceToken" to ChatGPTAPI
@Ademking Thanks. I am passing the clearanceToken to ChatGPTAPI but I am still getting 403 errors. |
Likely the token is tied to your IP address, still digging |
Tried a workaround by using cloudscraper instead of requests - it wants me to use a captcha service since it's an hCaptcha. |
For anyone just joining this thread, a bunch of us + the python hackers have been discussing options in here: https://discord.gg/DrSWaCzN |
Thanks for the hard work on the puppeteer demo. However, could I ask what would be the best strategy to update the OpenAI info from puppeteer for now? Should I update it every 2 hours or do I have to update it on every request? |
Tried the puppeteer option - works great on desktop, BUT - seems not to run in headless mode, thus it's still impossible to run it on the server where the script runs :( |
I have a project running puppeteer on the server. I think the easiest way is to run the project in a docker container. There is an However, the version of node.js in this image is 16.18.1 which doesn't support the fetch that is required by this chatgpt-api package. I don't have a good solution for now. |
The clearance token expires every 2 hours, but some of the other tokens expire sooner, so I recommend every ~45 minutes to an hour. I don't think you need to refresh the full login every time; you can just refresh the CF token. |
Note: it will be difficult getting it to work on a server since it needs to match the IP address and user agent you used to generate the CF token. It's also possible that Cloudflare will occasionally ask you to solve a CAPTCHA, which can only really be done locally in headful mode at the moment. I'm working on an automated solution to bypass the hCaptchas. |
The latest release includes a puppeteer-based solution to automate login built into the package. Still TODO is automating potential CAPTCHAS. https://github.com/transitive-bullshit/chatgpt-api/releases/tag/v2.3.0 |
Also: ChatGPT failed to refresh auth token. Error: 403 Forbidden |
Nice one @transitive-bullshit. I’m trying to use this in my Alfred workflow, but unfortunately the headful mode breaks the workflow at the moment… Will it be headless once you crack this? |
@danielbayley yes; the main challenge with headless is auto-solving potential captchas (no guarantee they will appear and no guarantee they won't). |
Are you passing This will happen if you try to get the auth credentials but don't pass email/password to login. |
Yes! I use email and password to log in. |
Hi guys! You can use my project to get cookies. cf-clearance |
Does #110 not address this? |
Does not work in this lib, still 403 |
I'm sure I'm using the same UA and IP address, but I still get a 403 error. Has anyone been able to use it normally? |
Is there a perfect bypass solution now? It seems that carrying cookies still has a high chance of being intercepted and returning 403 |
If you follow all of the instructions carefully, and your account / IP hasn't been permanently flagged by Cloudflare / OpenAI, then you shouldn't ever get a 403 at this point. My Twitter bot has been running for the past 2 days without a single 403, and others have been able to get it working on Discord. Although it can take a bit of effort to get working, once you have it working, you're set. The biggest problem at this point is automating the CAPTCHAs. For anyone trying to get this to work and struggling with 403s:
If you're 100% sure you're doing all of these things and are still experiencing 403 errors, then your account or IP address may have been flagged / banned by either Cloudflare or OpenAI. Note that this can happen if you call the API far too aggressively, so be sure to put proper delays in place in your code. If you can access the webapp normally with the same account, and you've double-checked everything above, then please create a new issue with as much detail about your environment and how you're using the API as possible. Priority will be given to reviewing issues that include a minimal reproduction repo. |
@optionsx to refresh your If you don't pass |
@transitive-bullshit I ran into this issue while trying out the bot on Twitch: ChatGPTError: ChatGPTAPI error 403
Hello, I am now getting a 403 Forbidden error