Login from website

[gjroots]

Feature request

I'm submitting a proposal to ...

• [ *] new feature
• [ ] change an existing feature

Describe your request

Recently that Netflix implemented login without sharing details on TV . like other OTT platform out their . Login from website .

In TV latest version OF NETFLIX finds the login from website . it will show the login code . then goto link and enter Code will login in TV .

Development tips

I think this method is to implement will be makes easier to login and without making any error . PRESENT password logins makes some time errors. So this will make lots simpler

The security of Netflix also making stronger so that's way maybe this method will make to login easier

Specific details

Go to link >>> https://www.netflix.com/tv8

Screenshots

[CastagnaIT]

this is interesting i will try to see when i will have some free time

can you say me also what is your tv brand/model where you took the login code number?

[gjroots]

Well .. ONPLUS TV

Android 9 os

Code will captured in TV during login it shown .

I test all other brand android TVs of my friends .it works . first update the Netflix app in ANDROID TV you will get ""Sign in from website"" OPTION .

Then you click on it it will sows the login code then you login to your account and enter in site .

I UPDATED MY Netflix app then I saw the newly option appear .. Then I tried and so I posted hear.

In old app version only enter "email and password " are present but the newly version has this new options.

Just . click this link you find enter code screen

https://www.netflix.com/tv8

[npmstart-pray]

Adding this functionality to the addon would be simply fantastic.

[CastagnaIT]

i have tried on my Samsung smarttv (not android but Tizen os) but unfurnately this feature is not available here i think this is limited to Android TV app I don't currently have an AndroidTV device to test it

but i could try to do an addon test where you can test it, although not having the situation at hand could be more difficult to me

[gjroots]

Yaa I think it difficult situation. ... If you have any android box or maybe Android firestick then i think you test will easy instead of android TV

Cause android play store is same as TVs and firesticks and same apps

[CastagnaIT]

yes i am thinking of buying a Firestick for its low price but i'm waiting to see if a new 4k model comes out

[jakermx]

I notice that my Android TV x86 and my Rokus, can do that....what do you need @CastagnaIT ...

I was thining to do some network traces and log all activity with a Proxy Server..

just ask, and I will do it

[CastagnaIT]

The proxy is not needed, to now i need only the regular network browser activity from: before opening the website page, until after inserted the pin to login in website (that i do not know what happen, will be opened the profiles page ?)

but save the network activity as HAR file (better with firefox) will include also the cookies then you have to change the pw to invalidate the saved cookies and avoid divulgate your login data if you want really do this, for your safety suggest you to send me the HAR file to my email and not attach the file here

The only side effect, like the NFAuth way, is that i still need to ask the password, due to MSL API website limits (the email is automatically parsed). Ask the user/pw could be avoided but only if the add-on is not running on android devices, in theory you could modify the code to not ask for the pw (except android of course), but it requires a bit of work to modify some aspects of control

I have found also that the migration to HTTP/2 seem to full solve the problems of login with user/pw (see the Pull request) but is currently an experimental test

UPDATE: HTTP/2 has been implemented, but solve partially, so e.g. in my country is possible to login (with user/pw) without problems, in other countries still not works.

[Genxster1998]

I am still waiting for it's development .

[Genxster1998]

@jakermx how android tv x86 working for you , which rom is it ?

[CastagnaIT]

I am still waiting for it's development .

is needed an smarttv with an updated netflix app that support the option "Login from website" in order to analyze the communications between tv and netflix servers, if you can understand even partially addresses and request/response data could be possible try to do some tests my smarttv does not support it and i have short time for this, who wants to contribute can give information and tests or also the full implementation

[Genxster1998]

I am still waiting for it's development .

is needed an smarttv with an updated netflix app that support the option "Login from website" in order to analyze the communications between tv and netflix servers, if you can understand even partially addresses and request/response data could be possible try to do some tests my smarttv does not support it and i have short time for this, who wants to contribute can give information and tests or also the full implementation

Unfortunately i do have Smart TV only without netflix certified ESN so no TV version app works for me .Yeah i could have captured packets bypassing certificate pinning with frida and root.

[Falke-Design]

I would be open to dig into this but if there is no way around the "Authentication key" login, then it makes no sense. @CastagnaIT what do you think? Is it worth to dig into it?

[CastagnaIT]

i left opened this issue to allow someone investigate for the possibility of implementation of the login sign in code i dont have smarttv for this and also don't have much time to devote on this

in short there is to understand how the app check when the user confirm the sign in code on the website page and then get the cookies, maybe it could also help also decompile apk

some services work like this, an endpoint to query at some interval of time and that this provides the login data it is possible that Netflix is also similar, but with a few more difficulties, like usual custom encryptions, and i hope no recaptcha protection required, otherwise we have the same problem as regular login (user+pw)

[Falke-Design]

To document the process in the browser. I can't share the cookie details so I will try to look into it by my self.

https://github.com/CastagnaIT/plugin.video.netflix/assets/19800037/7fcaf525-f179-4b10-bcf2-5332845ef249

https://www.netflix.com/tv8

For me it is https://www.netflix.com/tv9

i hope no recaptcha protection required

[Falke-Design]

I tried to decompile the apk but I had no success of finding what is happening. I also tried to sniff into the web requests from the tv but I had no luck to log the requests how the number is generated. If wanted I can share the apk but it is to big to attach here

[CastagnaIT]

please dont attach here decompiled apks here, could be a foothold for lawyers...i am able to do decompilation

i hope no recaptcha protection required

it is not easy to find something, the login page is protected is known, but there is to check if also recaptcha is required also for the requests needed for this login type, more likely later time, since we don't even know the endpoints used or else, so you can start is to check the endpoints invoked with this operation likely the tvapp have a verification interval data exchange to listen if/when the login made by the web

I didn't check any more, maybe this kind of login has also been added to regular android tv apps? if so is it possible that I can check with my shield more easy way but right now i don't have time also for this

[CastagnaIT]

i close the Issue since recent website changes with reCaptcha prevent also to get the authURL code needed to do login request