Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

auth() failed #83

Closed
Gnophagia opened this issue Sep 2, 2019 · 18 comments

Comments

@Gnophagia
Copy link

commented Sep 2, 2019

pixivpy3.utils.PixivError: [ERROR] auth() failed! check username and password.
HTTP 400: {"has_error":true,"errors":{"system":{"message":"access_denied","code":1508}}}

换账号login也是同样错误,同设备网页可以登录。

@roytam1

This comment has been minimized.

Copy link

commented Sep 2, 2019

同设备网页可以登录。

app也可以登錄,估計是 https://oauth.secure.pixiv.net/auth/token 又改了

@Asidert

This comment has been minimized.

Copy link

commented Sep 2, 2019

Same problem, where can I see the new client_id and client_secret?

@roytam1

This comment has been minimized.

Copy link

commented Sep 2, 2019

Same problem, where can I see the new client_id and client_secret?

but pixiv app is not updated and new install of pixiv app can still able to login.

@Asidert

This comment has been minimized.

Copy link

commented Sep 2, 2019

Same problem, where can I see the new client_id and client_secret?

but pixiv app is not updated and new install of pixiv app can still able to login.

what then is the problem, do you think?

@roytam1

This comment has been minimized.

Copy link

commented Sep 2, 2019

Same problem, where can I see the new client_id and client_secret?

but pixiv app is not updated and new install of pixiv app can still able to login.

what then is the problem, do you think?

maybe missing params or missing headers? i.e. we may need to sniff pixiv app again.

@DaRealFreak

This comment has been minimized.

Copy link
Contributor

commented Sep 2, 2019

Also not seeing any differences so far, just digging through the app what might have changed (Android pixiv 5.0.156):

PixivOAuthResponse mo21264b(@C6444c(mo24824a = "client_id") String str, @C6444c(mo24824a = "client_secret") String str2, @C6444c(mo24824a = "grant_type") String str3, @C6444c(mo24824a = "username") String str4, @C6444c(mo24824a = "password") String str5, @C6444c(mo24824a = "device_token") String str6, @C6444c(mo24824a = "get_secure_url") boolean z, @C6444c(mo24824a = "include_policy") boolean z2);

client_id string
client_secret string
grant_type string
username string
password string
device_token string
get_secure_url boolean
include_policy boolean

no changes in the request parameters

PixivOAuthResponse b = C4402h.m13992a().mo21264b("MOBrBDS8blbauoSck0ZfDbtuzpyT", "lsACyCD94FhDUtGTXi3QzcFE2uU1hqtDaKeqrdwj", "password", str2, password, C3841g.m12695a(), true, true);

client_id -> MOBrBDS8blbauoSck0ZfDbtuzpyT
client_secret -> lsACyCD94FhDUtGTXi3QzcFE2uU1hqtDaKeqrdwj
grant_type -> password
username -> [user]
password -> [password]
device_token -> [token (differs from device to device)]
get_secure_url -> true
include_policy -> true

client ID and client secret and other values are still the same too

String str = "https://oauth.secure.pixiv.net";
...
@C6456o(mo24836a = "/auth/token")

OAuth2 URL -> https://oauth.secure.pixiv.net/auth/token

authentication URL still the same too

String format = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZZZZZ", Locale.US).format(new Date());
StringBuilder sb = new StringBuilder();
sb.append(format);
sb.append("28c1fdd170a5204386cb1313c7077b34f83e4aaf4aa829ce78c231e05b0bae2c");
String str2 = "Accept-Language";
String str3 = "App-OS-Version";
Request build = chain.request().newBuilder().addHeader(C3376a.HEADER_USER_AGENT, C4396d.f15045a).addHeader("Content-Type", "application/x-www-form-urlencoded;charset=UTF-8").addHeader(str2, Locale.getDefault().toString()).addHeader("App-OS", C3376a.ANDROID_CLIENT_TYPE).addHeader(str3, VERSION.RELEASE).addHeader("App-Version", "5.0.156").addHeader("X-Client-Time", format).addHeader("X-Client-Hash", C5942ab.m17017a(sb.toString())).build();

Headers:
User-Agent -> PixivAndroidApp/%s (Android %s; %s) [VERSION.RELEASE, C5384a.m15939a(Build.MODEL)]
Content-Type -> application/x-www-form-urlencoded;charset=UTF-8
Accept-Language -> Locale.getDefault().toString() -> [en_US,...]
App-OS -> android
App-Version -> 5.0.156
App-OS-Version -> 9.0.16
X-Client-Time -> new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZZZZZ", Locale.US).format(new Date());
X-Client-Hash -> md5([X-Client-Time]28c1fdd170a5204386cb1313c7077b34f83e4aaf4aa829ce78c231e05b0bae2c)

X-Client-Hash is now getting validated serverside, has to match the passed md5(X-Client-Time+28c1fdd170a5204386cb1313c7077b34f83e4aaf4aa829ce78c231e05b0bae2c)

possible referer:

 return new C1605g(str, (C1606h) new C1610a().mo5828a(C3376a.HEADER_USER_AGENT, C4396d.f15045a).mo5828a("Referer", "https://app-api.pixiv.net/").mo5829a());

also the same


ok works again with this:

print(s.post(
    'https://oauth.secure.pixiv.net/auth/token',
    data={
        "client_id": "MOBrBDS8blbauoSck0ZfDbtuzpyT",
        "client_secret": "lsACyCD94FhDUtGTXi3QzcFE2uU1hqtDaKeqrdwj",
        "grant_type": "password",
        "username": "username",
        "password": "password",
        "device_token": "pixiv",
        "get_secure_url": "true",
        "include_policy": "true",
    },
    headers={
        'host': 'oauth.secure.pixiv.net',
        "user-agent": "PixivAndroidApp/5.0.156 (Android 9; ONEPLUS A6013)",
        "accept-language": "en_US",
        "app-os": "android",
        "app-os-version": "5.0.156",
        "x-client-time": "2019-09-02T20:51:57+02:00",
        "x-client-hash": "5bb0b1ec0b6e1a86d7dc18dbea2c80bf",
        "content-type": "application/x-www-form-urlencoded",
        "accept-encoding": "gzip"
    }
)

the x-client-time and x-client-hash header have to properly match, else you'll get the 1508 error code

@PixelZerg

This comment has been minimized.

Copy link

commented Sep 2, 2019

Just so you know, this issue doesn't seem to be Python specific, either, as this Java port of this project: https://github.com/ScienJus/pixiv-parser also got the same issue at the same time (it was working yesterday)

@DaRealFreak

This comment has been minimized.

Copy link
Contributor

commented Sep 2, 2019

updated my previous reply:
X-Client-Time and X-Client-Hash header are now required and validated serverside.
X-Client-Time is an RFC3339 converted timestamp
X-Client-Hash consists of:
md5([X-Client-Time]28c1fdd170a5204386cb1313c7077b34f83e4aaf4aa829ce78c231e05b0bae2c)
so f.e. with X-Client-Time: 2019-09-02T20:51:57+02:00
the X-Client-Hash is: md5(2019-09-02T20:51:57+02:0028c1fdd170a5204386cb1313c7077b34f83e4aaf4aa829ce78c231e05b0bae2c)
--> 5bb0b1ec0b6e1a86d7dc18dbea2c80bf

the Authentication works with these headers now again

@roytam1

This comment has been minimized.

Copy link

commented Sep 2, 2019

X-Client-Time and X-Client-Hash header are now required and validated serverside.

oh thanks, I can update my userscript now.

@Redcxx Redcxx referenced this issue Sep 3, 2019

@upbit upbit closed this in 980c68b Sep 3, 2019

upbit added a commit that referenced this issue Sep 3, 2019
Merge pull request #84 from DaRealFreak/fix/pixiv-auth
fix oauth token request for pixiv, fixes #83
@chitosai

This comment has been minimized.

Copy link

commented Sep 3, 2019

My pixivpy was installed with pip, whose version is 3.3.7
Could you tell me how can I upgrade to the latest version that has fixed this problem?

@Asidert

This comment has been minimized.

Copy link

commented Sep 3, 2019

My pixivpy was installed with pip, whose version is 3.3.7
Could you tell me how can I upgrade to the latest version that has fixed this problem?

Maybe pip install pixivpy --upgrade?

@chitosai

This comment has been minimized.

Copy link

commented Sep 3, 2019

My pixivpy was installed with pip, whose version is 3.3.7
Could you tell me how can I upgrade to the latest version that has fixed this problem?

Maybe pip install pixivpy --upgrade?

I've tried, it says requirement satisfied and kept in 3.3.7

@upbit

This comment has been minimized.

Copy link
Owner

commented Sep 3, 2019

Sorry, I haven't verify and bump the version, so the PyPI is still old version.

At this stage, you can install the fix from the source code:

pip uninstall pixivpy

git clone https://github.com/upbit/pixivpy.git
cd pixivpy/
pip install [--editable] .

After updating PyPi, I will fix and close this issue again.

@upbit upbit reopened this Sep 3, 2019

@Asidert

This comment has been minimized.

Copy link

commented Sep 3, 2019

My pixivpy was installed with pip, whose version is 3.3.7
Could you tell me how can I upgrade to the latest version that has fixed this problem?

Maybe pip install pixivpy --upgrade?

I've tried, it says requirement satisfied and kept in 3.3.7

Add this in auth method to headers:
'X-Client-Time': '3000-01-01T00:00:00+00:00', 'X-Client-Hash': '93771864335ef0c8e52db10be563eab3'
In file /usr/local/lib/python/site-packages/pixivpy3/api.py

@chitosai

This comment has been minimized.

Copy link

commented Sep 3, 2019

@upbit @Asidert

It works, thanks for the help!

@Asidert

This comment has been minimized.

Copy link

commented Sep 3, 2019

@upbit @Asidert

It works, thanks for the help!

Say thanks for the headers @DaRealFreak, and update your version after closing this issue.

@chitosai

This comment has been minimized.

Copy link

commented Sep 3, 2019

@upbit @Asidert
It works, thanks for the help!

Say thanks for the headers @DaRealFreak, and update your version after closing this issue.

Sure, and thanks @DaRealFreak :)

@upbit

This comment has been minimized.

Copy link
Owner

commented Sep 3, 2019

Fixed, bump PyPi version to 3.4.0. Please upgrade API using:

$ pip install pixivpy --upgrade

Collecting pixivpy
  Downloading https://files.pythonhosted.org/packages/a9/db/0e0b1ca48e184436289631ed2c6fd6313a93409c493c6af3830531780385/PixivPy-3.4.0-py2-none-any.whl
Requirement already satisfied, skipping upgrade: requests in /anaconda/lib/python2.7/site-packages (from pixivpy) (2.13.0)
Installing collected packages: pixivpy
Successfully installed pixivpy-3.4.0

@upbit upbit closed this Sep 3, 2019

bebound added a commit to bebound/pixiv that referenced this issue Sep 3, 2019
@yeti2018 yeti2018 referenced this issue Sep 6, 2019
0 of 3 tasks complete
BlindJoker added a commit to BlindJoker/Pixiv.ex that referenced this issue Sep 7, 2019
wxt2005 added a commit to wxt2005/image-capture-bot-go that referenced this issue Sep 13, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
7 participants
You can’t perform that action at this time.