Closed ribizli closed 5 months ago
@MaxKellermann any opinion on this?
I don't know oAuth. Why is oAuth not possible in MPD?
because oAuth requires the user to get forwarded to a Tidal login page.
On Tue, 4 Jun 2019, 17:45 Max Kellermann, notifications@github.com wrote:
I don't know oAuth. Why is oAuth not possible in MPD?
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/MusicPlayerDaemon/MPD/issues/545?email_source=notifications&email_token=AAHYWWO6X5JSG4ZOB3JS343PY2E2HA5CNFSM4HLJRE62YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODW476OA#issuecomment-498728760, or mute the thread https://github.com/notifications/unsubscribe-auth/AAHYWWIBMYPM63WVG4HC2SDPY2E2HANCNFSM4HLJRE6Q .
Hm, that sucks. Are there other Tidal players which don't have a built-in web browser?
Hallo Max,
show upmpdcli
there is a upmpdcli-tidal plugin. it works https://opensourceprojects.eu/p/upmpdcli/code/ci/5fbea55f973ed222cd3e635440500025626fd074/tree/
another from Artur
They (Tidal) stated that in the future only the OAuth token based API calls will work. The solutions posted by @marcbth are still using username/password login. The old API tokens issued earlier are still working.
there is a upmpdcli-tidal plugin. it works
Apart from being illegal (because it links a proprietary library from Spotify), upmpdcli uses the old username/password protocol, just like MPD.
my issues #572
so my problems come from that?
ompd of arthur uses an old script. registration works and tidal is searchable. I have inserted the x-token-tidal and the registration schent yes to work.
or has changed in tidal now what or mpd?
sorry for my stupid questions
cliff
they don't issue tokens anymore. just oAuth secrets, so you cannot call the login API either.
On Tue, 4 Jun 2019, 18:43 marcbth, notifications@github.com wrote:
my issues #572 https://github.com/MusicPlayerDaemon/MPD/issues/572
so my problems come from that?
ompd of arthur uses an old script. registration works and tidal is searchable. I have inserted the x-token-tidal and the registration schent yes to work.
or has changed in tidal now what or mpd?
sorry for my stupid questions
cliff
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/MusicPlayerDaemon/MPD/issues/545?email_source=notifications&email_token=AAHYWWNI466IBBNTESVEMYDPY2LSXA5CNFSM4HLJRE62YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODW5FM3A#issuecomment-498751084, or mute the thread https://github.com/notifications/unsubscribe-auth/AAHYWWM7Y6NC7HHJIJGT56LPY2LSXANCNFSM4HLJRE6Q .
then I do not understand that I still can log in upmpdcli or ompd me and play tidal.
is there an alternative to use tidal natively in mpd then again?
I want to get away from the whole upnp
cliff
And I can still play Tidal natively with MPD. So, what's really wrong? What is this issue report really about? Is there a real problem, or is there only an announcement by Tidal of future deprecation?
you have a legacy token which works
On Tue, 4 Jun 2019, 18:51 marcbth, notifications@github.com wrote:
then I do not understand that I still can log in upmpdcli or ompd me and play tidal.
is there an alternative to use tidal natively in mpd then again?
I want to get away from the whole upnp
cliff
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/MusicPlayerDaemon/MPD/issues/545?email_source=notifications&email_token=AAHYWWN2JC5XFVNTOUMDR6TPY2MQTA5CNFSM4HLJRE62YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODW5GDLY#issuecomment-498753967, or mute the thread https://github.com/notifications/unsubscribe-auth/AAHYWWLLDYXAEEBWHBKHLNLPY2MQTANCNFSM4HLJRE6Q .
yes i have. i have a tidal account.
can i write a private email to you in german?
you have a legacy token which works … On Tue, 4 Jun 2019, 18:51 marcbth, @.***> wrote: then I do not understand that I still can log in upmpdcli or ompd me and play tidal. is there an alternative to use tidal natively in mpd then again? I want to get away from the whole upnp cliff — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#545?email_source=notifications&email_token=AAHYWWN2JC5XFVNTOUMDR6TPY2MQTA5CNFSM4HLJRE62YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODW5GDLY#issuecomment-498753967>, or mute the thread https://github.com/notifications/unsubscribe-auth/AAHYWWLLDYXAEEBWHBKHLNLPY2MQTANCNFSM4HLJRE6Q .
or a call?
so, you can steal a token (as MPD docu suggests), but this is illegal. So we contacted Tidal for a token, and they rejected, login/session API is deprecated, we could use oAuth only. I cannot describe it better, sorry.
do not want to do anything illegal. it would be a shame if tidal were not possible anymore.
if you have tidal as a contact person?
I also like to try it. because I actually have good relationships in the German hifi high end scene or manufacturers.
it is tidal also helped, concerning the further spread.
I can contribute the api or documentation for highresaudio streaming including, of course, an access.
Try Pål Bråtelund / pal.bratelund@tidalhifi.com
On Tue, Jun 4, 2019 at 1:26 PM marcbth notifications@github.com wrote:
do not want to do anything illegal. it would be a shame if tidal were not possible anymore.
if you have tidal as a contact person?
I also like to try it. because I actually have good relationships in the German hifi high end scene or manufacturers.
it is tidal also helped, concerning the further spread.
I can contribute the api or documentation for highresaudio streaming including, of course, an access.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/MusicPlayerDaemon/MPD/issues/545?email_source=notifications&email_token=AAH3E4QWZZYXSQE7HHXBXRDPY2QUBA5CNFSM4HLJRE62YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODW5JEMA#issuecomment-498766384, or mute the thread https://github.com/notifications/unsubscribe-auth/AAH3E4ROBJZT7MOMBLV6COTPY2QUBANCNFSM4HLJRE6Q .
Thank you. I will contact him
let us know what you found out from him
On Tue, 4 Jun 2019, 19:38 marcbth, notifications@github.com wrote:
Thank you. I will contact him
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/MusicPlayerDaemon/MPD/issues/545?email_source=notifications&email_token=AAHYWWNNKR6WG7QQMXFWUYDPY2R7TA5CNFSM4HLJRE62YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODW5KFDA#issuecomment-498770572, or mute the thread https://github.com/notifications/unsubscribe-auth/AAHYWWNZQQCJF7WXFZG4OWTPY2R7TANCNFSM4HLJRE6Q .
I contacted Tidal to ask for access to the API for use in Strawberry, but simply got: "Unfortunately we do not share our API." I'm using one of the android tokens and logins recently stopped working, fixed it by switching to https://api.tidalhifi.com/v1/login/username (I was using listen.tidal.com previously).
@jonaski you need to get a developer account, then you get access to all needed documentation (including API, and OAuth stuff). We have already got such an account so definitely there is an official way to use their API.
My original message/issue still valid: username/password login (aka session based access) is not allowed for new users. You need an access JWT token to access the Tidal backend. This JWT token also replaces the API token used before (this also means, you need a Tidal user account to browse metadata, too).
@ribizli How do I get a developer account?
@jonaski https://developer.tidal.com/ "Access to this portal is by invitation only, and requires an agreement between the parties."
Some quotations from emails I've got from Tidal:
On the developer portal there is a long list (in Excel) of points the test during QA. They mostly compare the results with their GUI. We have different GUI (limited, different navigation and views), so I'm already afraid about the QA.
Postponed until Tidal shares documentation. If that doesn't ever seem to happen, the plugin will be removed.
@MaxKellermann they won't share until you ask for it actively.
In the meanwhile I've implemented the process in our project, and I see, MPD couldn't/shouldn't handle the process on its own.
I see however a possible solution:
Authorization: Bearer <token>
header instead of the X-Tidal-Token
, X-Tidal-SessionId
tuple. The same API endpoints can be used, but different headers.POST
request has to make with the following form parameters:
refresh_token
client_id
: this is issued by Tidal instead of X-Tidal-Token
client_secret
: this is issued by Tidal instead of X-Tidal-Token
token
, username
and password
. MPD decides depending on which 3 parameters are configured.
SessionId
(and the username/password login) MPD need to maintain (get initially, refresh if expired) an access JWT token I think this is a small change in the current implementation (As far I managed to read it). Unfortunately I'm not a C++ developer, so I cannot provide with a PR to move this topic further.
Let me share a copy of the related documentation since I have access to Tidal's developer site. renew API (PDF)
It uses standardized OAuth protocol. I've already implemented it in Strawberry, but using the client_id from Windows the streams are encrypted. I don't think Tidal would approve an open source project where the client id can be seen in the source code. And without the client id no-one can use it. I don't know much about MPD, but the client (frontend) needs to authorize using a web browser, then the login page at Tidal will redirect to: tidal://login/auth with an code in the query which is used to request the access token needed to use the API. So the client could probably send the code to MPD through the MPD network protocol where MPD requests the final access token. Strawberry gets registered as the url schema handler for tidal which let's the web browser pass the code through the strawberry command line options, it uses singleapplication to message the active process with the code needed to obtain the access token. You can look at how I've done it, I send the request here: https://github.com/jonaski/strawberry/blob/master/src/tidal/tidalservice.cpp#L238 Then I receive the URL with the code here: https://github.com/jonaski/strawberry/blob/master/src/core/mainwindow.cpp#L1918 Then it emits a signal to the tidal service with the URL which obtains the access token here: https://github.com/jonaski/strawberry/blob/master/src/tidal/tidalservice.cpp#L272
FWIW I was just able to log in to Tidal via a POST to https://api.tidalhifi.com/v1/login/username. I used this token: "GvFhCVAYp3n43EN3", which I believe is from the iOS app.
That Token just worked for me.
FWIW I was just able to log in to Tidal via a POST to https://api.tidalhifi.com/v1/login/username. I used this token: "GvFhCVAYp3n43EN3", which I believe is from the iOS app.
It worked, thank you very much
https://github.com/FUFRUnidentifiedFLACRipper/python-tidal-async-oauth2 I implemented client_id extraction from .apk file for android. There's no encryption of files sent to android app :3 Feel free to steal it from me - the code will be AGPL later.
How about an oauth device flow? Or just use the FireTv api key. It is drm free and has the legacy login enabled. I have completely reverse engineered the TIDALAPI: https://github.com/openTIDAL/docTIDAL/wiki/auth-token https://github.com/openTIDAL/docTIDAL/wiki/auth-device_authorization https://github.com/openTIDAL/docTIDAL/wiki/API-Keys
I can imagine an external tool to play the device flow through and get a refresh token. The refresh token has a very long validity, so one needs to get it once, and configure into the plugin. The plugin only needs to get a fresh access token if the previous expired (I already proposed this solution above).
Of course the plugin could implement the whole flow, but MPD isn't meant to be used interactively, so where to get the auth code (the four characters to enter on the tidal website) from...
Finally my solution was to create a proxy (http server) which cares about the auth, and provides a source for the curl plugin. (like: http://localhost:8080/tidal/
I nearly finished my TIDAL C Library with an integrated access_token refresh thread and nearly 100% API coverage. During the setup the user receives a 5 digit code. He authorizes the client via link.tidal.com. The access_token lasts 7 Days. But you can refresh it at every time with the refresh_token. At some point I will publish all 10 DRM-Free client_ids and client_secrets that I gathered from de-compiling Apps. https://github.com/openTIDAL/docTIDAL/wiki/Authentication
@DerNuntius it would probably be better to public method of gathering them, not making them directly public ;)
Yep, that's why I've removed them. A chinese ripping tool used them and I don't support that.
On Thu, Nov 19, 2020 at 7:12 AM JuniorJPDJ notifications@github.com wrote:
@DerNuntius https://github.com/DerNuntius it would probably be better to public method of gathering them, not making them directly public ;)
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/MusicPlayerDaemon/MPD/issues/545#issuecomment-730153200, or unsubscribe https://github.com/notifications/unsubscribe-auth/AK35JFDEUOAIC572IJ6ADM3SQSZLFANCNFSM4HLJRE6Q .
Closing, Tidal plugin was removes since ver 0.22.10
Hi,
we tried to get an official API token from TIDAL, it seems to be possible anyway. But they don't support username/password login anymore, one need to use oAuth alternatives (they provide three).
I see, that implementing the oAuth flow in MPD is not possible, but maybe there should be a way to pass a valid
access token
to MPD.E.g. I can imagine a file with the token on a path configured for the plugin. The plugin reads the file, (optionally) checks for validity (needs base64 decoding and JSON parsing) and uses the token instead of
session_id
.Alternatively also supporting refresh token process?
Please share your thoughts.