Extra parameter needed not in documentation?

[thewithz]

When using method auth.userLogin I am getting an error code 4 _URL_PARAM_MISSING_PARTNERID. The documentation says that you only need 5 parameters, the method name, the login type, username, password, and partnerAuthToken. But when I send { "loginType" : "user", "username" : "uname", "password" : "passwd", "partnerAuthToken" : "token"} to http://tuner.pandora.com/services/json/?method=auth.userLogin it still says I am missing a parameter.

I've tried to send to http://tuner.pandora.com/services/json/?method=auth.userLogin&partnerId=id as well but this also fails.

[PromyLOPh]

auth_token is missing, see https://github.com/PromyLOPh/pianobar/blob/master/src/libpiano/request.c#L105

[thewithz]

I'm a bit confused because in this instance, isn't the auth_token url parameter the same as the partnerAuthToken you send via the json? Or are they different? I'm sending to _https://tuner.pandora.com/services/json/?method=auth.userLogin&auth_token=token&partner_id=id_ now and it is returning an error code 0.

EDIT: Never mind, I see now why I need auth_token however I'm still baffled as to why I am receiving an error code 0.

EDIT 2: leaving partner_id blank gives an error code 1010. So that part is working normally.

[PromyLOPh]

As far as I see you’re also missing the syncTime key in your JSON request.

[thewithz]

Ok I understand what I'm doing wrong now. Sorry for the confusion!

[thewithz]

I'm sorry to bother you again, but this is just unbelievably frustrating. I keep receiving error code 0 when trying to log in as a user. I am sending this json: { "syncTime": 1872069792, "password": "*********", "loginType": "user", "partnerAuthToken": "token", "username": "*****@gmail.com" } where syncTime is the (current time of partner log in minus the decrypted time) plus current time of user log in my URL is this https://tuner.pandora.com/services/json/?method=auth.userLogin&auth_token=TOKEN&partner_id=ID

[brunoescalona-zz]

Hi! I am having the same issue that you. I don't know who to obtain the auth_token parameter for the url. Is it the same as the partner authentification token?

[PromyLOPh]

@TheWithz: Alot of implementations are available already, have a look at https://6xq.net/pandora-apidoc/json/implementations/ Either one of these already fits your needs or you can look at their requests and figure out what exactly is different from yours. Error 0 is pretty generic and I don’t know what is wrong at the moment. Are you encrypting the HTTP POST body?

@brunoescalona: auth_token is the same as partnerAuthToken for this request. Make sure special chars are urlencoded.

[brunoescalona-zz]

@PromyLOPh Thank you for the response. @TheWithz are you still having the same issue with the syncTime? Could you give me an example to calculate that parameter? (I have no idea how to decrypt the time obtained from Pandora).

[thewithz]

@brunoescalona I used something called Blowfish to decrypt the sync time. What language are you using?

@PromyLOPh I'm writing an API wrapper in Java, because there is none yet, and I want to interface it with another Java project I am working on. I encrypted the JSON post body with the partner password listed in the API doc. Was there a different encryption I am supposed to be using?

[brunoescalona-zz]

@TheWithz right now I am not using any language. I want to implement it in Node.js but at the moment I am trying to obtain as much info as I can. At the moment I am using POST request by hand with POSTMAN tool, but I am not able to obtain any results. Just the partner authentication. In the login request I get the 0 error code. I am stucked right now.

[PromyLOPh]

encrypted the JSON post body with the partner password listed in the API doc. Was there a different encryption I am supposed to be using? Nope, just checking.

[thewithz]

Just to clarify in case I'm getting this wrong, am I supposed to encrypt the final json or each key value pair individually

[PromyLOPh]

The entire request body:

Unless noted otherwise JSON-encoded requests sent by the client within the HTTP POST body are encrypted using Blowfish ECB and converted to hexadecimal notation with lowercase letters. -- https://6xq.net/pandora-apidoc/json/

[brunoescalona-zz]

@TheWithz Hi, How do you get the syncTime decoded exactly? I am using blowfish with the partner password as key but I can't get a time. I am using blowfish.

[thewithz]

@brunoescalona at first I got it working, but now two weeks later I am receiving error code 13s on any command i try to run. I think it might have something to do with the fact that Pandora's website got updated... I don't want to show you code that doesn't work.

[brunoescalona-zz]

@TheWithz ok! but I would like just to know how did you do the decoding stuff I was trying to obtain something valid but I just get incoherent data and numbers....

[FireController1847]

@brunoescalona I'm trying to do the same and create a Node.js API. Have you gotten past the Code 0 error? If so, how did you fix it? If you have Discord I'd love to talk to you about it! Add me, FireController1847#3577

[brunoescalona-zz]

@FireController1847 sorry for my delay. No at the moment I have stopped that project but I am still stucked in that point. I can obtain the partner login but I am not able to decode properly the syncTime.

[FireController1847]

@brunoescalona Aww, alright.

[brunoescalona-zz]

@FireController1847 here I have all the code I did for the partner authentication but I could not do the login. Just it is usefull for you.... pandora node.js If you can decode the syncTime or make some advance just let me know please :)

[FireController1847]

@brunoescalona I was able to decode syncTime using the blowfish module you were talking about. Maybe you were having issues for it? Even with syncTime, I couldn't get past the Code 0 error on Postman.

[PromyLOPh]

Looking at request.js, you’re using the wrong password to decrypt the syncTime. You need the “decrypt password” listed here: https://6xq.net/pandora-apidoc/json/partners/#partners

[FireController1847]

It's be great if you guys could talk about this on me within Discord. Add me, my name is FireController1847#9085 @PromyLOPh @brunoescalona

[brunoescalona-zz]

@PromyLOPh Thank you!!!!!! I didn't see the decrypt password and I was using the password itself. @FireController1847 how are you obtaining the syncTime? Are you using just the decoded syncTime or are you using this formula? Maybe that could solve the problem:

https://6xq.net/pandora-apidoc/json/

Synchonized time. Calculation: current time + (time of Partner login request – syncTime from Partner login response). This is a protection against replay-attacks.

[FireController1847]

@brunoescalona @PromyLOPh I'm doing exactly what's in the image above. This is the data I am sending. To be honest, I'm probably missing something very obvious.

[brunoescalona-zz]

@TheWithz Are you sending the Body encoded? I think in the user login you should send it encoded.

Unless noted otherwise JSON-encoded requests sent by the client within the HTTP POST body are encrypted using Blowfish ECB and converted to hexadecimal notation with lowercase letters.

[brunoescalona-zz]

My user brunoescalona#0787

[FireController1847]

@TheWithz How did you fix that damn Code 0 error? @brunoescalona I've moved on from the Code 0 error to a... Code 1001? How the hell do you get a code 1001 on a user login?! I loop through the key of every object and encrypt it that way. Then the object ends up being stuff like {"loginType": "EE1EE3EBFD..."}

[brunoescalona-zz]

@FireController1847 hi I left the project time ago haha. I could not connect so I just leave it at the end.

[FireController1847]

@brunoescalona I keep leaving it but then I keep coming back thinking I'll do it this time.... of course, every time I do it I just receive the same ol' Code 0 error. Until recently, when I figured out something extremely important: We were encrypting incorrectly.

[brunoescalona-zz]

@FireController1847 why we were encryting incorrectly?

[FireController1847]

@brunoescalona When we had the object, we did not need to stringify it and then encrypt it, but instead we needed to encrypt every value within the object. Here's an example below.

let userLoginInfo = {
  "loginType": "user",
  "username": "XXX@gmail.com",
  "password": "XXXXX",
  // "incluePandoraOneInfo": true,
  // "includeSubscriptionExpiration": true,
  // "returnCapped": true,
  // "includeAdAttributes": true,
  // "includeAdvertiserAttributes": true,
  // "xplatformAdCapable": true,
  "partnerAuthToken": res.partnerAuthToken,
  "syncTime": calcdSyncTime
}

to...

Encrypted User Login Info: {
  "loginType": "EE1EE3EBFD757FCA",
  "username": "XXXX",
  "password": "XXXX",
  "partnerAuthToken": "F64EAFC5B1FA3A2C7388867A53FA787B7596A4F3E34A403BF6A8A942F41E1DFA1A00444A886473BB",
  "syncTime": null
}

[brunoescalona-zz]

@FireController1847 ok I understand.... so when I have time I will try it again.

[FireController1847]

@brunoescalona I'll be on Discord if you want to chat. FireController1847#9085

[brunoescalona-zz]

@FireController1847 ok! if I have time I will connect. :) thank you!

[abreksa4]

Seeing an error 9 with the following request after a successful partner login:

{"loginType":"user","username":"xxxxx@xxxxx.xxx","password":"xxxxxxxx","partnerAuthToken":"xxxxxxxxxxxx","syncTime":0}

array(3) {
  ["auth_token"]=>
  string(34) "xxxxx"
  ["partner_id"]=>
  string(2) "xx"
  ["method"]=>
  string(14) "auth.userLogin"
}

Where partnerAuthToken and auth_token are the value returned from the successful partner login.

Any thoughts? Not sure if 0 is a valid syncTime value, but wouldn't think error 9 would be the response in that case.

[FireController1847]

@abreksa4 SyncTime cannot be 0, it's a built number using Date.now() and something else (for JS). It's been so long, though, that I can't remember. Sorry :(

[abreksa4]

@FireController1847 No problem, thanks for the pointer. Looks like my application (read: environment) was encrypting/decrypting the data incorrectly. syncTime is no longer zero, but getting a 1002 error now (INVALID_PARTNER_LOGIN) while using the info provided in the docs here for partner credentials, same as the rest of the implementations I've looked at.

Anyone experiencing that? Not really under the scope of this ticket, but figured I'd mention it while I try to work it out.

[PromyLOPh]

Which partner credentials are you using? These work fine for pianobar: https://6xq.net/pandora-apidoc/json/partners/#android

[abreksa4]

@PromyLOPh I'm using the android credentials as well, though I cycled through the rest of the available sets and got the same error, so thinking it's an issue on my end if other projects are using them successfully.

[abreksa4]

Alright, figured since I got this resolved I'd post the results here.

Turned out to be an issue with PHP 7.2 dropping mcrypt, and the ensuing headaches caused by trying to use openssl instead.

Asked the question on freenode in ##php, and was pointed at http://php.net/manual/en/function.openssl-encrypt.php#121545 within 20 minutes, courtesy of Sammitch.

Used the magic methods included in that comment and now the api calls are working.

Link to the updated php library fork for anyone interested: https://github.com/abreksa4/php-pandora-api

[FireController1847]

@abreksa4 You're saying your PHP library is working. Do you mind talking with me on Discord or Email so I can try and get past the userLogin? I'm still getting Code 0. Add me on Discord FireController1847#3577 or email me at contact@visualfiredev.com, as if you could give me some tips and questions that would be amazing (rather than me trying to decode your PHP library, one of the few languages I understand unlike C, Python, and C# xD)

[FireController1847]

Scratch that on that last comment. I cannot believe it, but I finally got it to work. Thank you everyone who was part of and helped in this thread (even though it's not mine xD)!