Logout?

[midicase]

Love the app. Been coding a mod to it, but run into a problem when exiting/restarting and Pandora flagging my account with "Multiple Streams". Pandora is counting the successive calls to login when restarting PB and flags the account thinking it's multiple users. I have to wait a bit for them to age out the error before working again.

Is there a logout routine with Pandora to avoid this?

[PromyLOPh]

I’m not aware of a method to terminate the current session. However the real mobile app (whose API we’re using) probably generates a token with auth.generateAccessToken, saves that and used it instead of the user’s credentials to log in, thus allowing Pandora to (properly) track the number of devices in use. We should probably do the same to avoid this issue. That doesn’t look too compilcated, so do you want to submit a pull request?

[midicase]

I'd be glad to try, but I'm not familiar with snooping on android client. Is really any different than using tcpdump/wireshark? Though I guess the emulator would be easiest?

[PromyLOPh]

You won’t get far with tcpdump. The protocol is encrypted on the application layer.

So your best bet would be my protocol documentation here: https://6xq.net/pandora-apidoc/json/methods/ Unfortunately the required methods (auth.generateAccessToken I believe and auth.userLogin with accessToken) are not documented yet.

The next option is looking at decompiled Java code (here: https://6xq.net/paste/olnapmut.html). Essentially you’re searching for the strings mentioned above and then something like hashtable.put("parameter", "value"). These are the queries you need to build in src/libpiano/request.c. Ping me if you need help with that.

[CrustyBarnacle]

Per Pandora API docs (I do not have a developer account).

curl 'https://www.pandora.com/oauth/v1/token' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'Authorization: Basic ' \
  -d grant_type=authorization_code \
  -d redirect_uri="" \
  -d code=

Example response:

{
   "access_token":"eyJ6aXAiOiJERUYiLCJraWQiOi_bs8i2XKP7PM9uwHUKWgEj._TFVXhdZYGW0eY89TtBZGw",
   "token_type":"Bearer",
   "refresh_token":"eyJ6aXAiOiJERUYiL`rizKC5Yew38_u7y_mGiNspC8VsMn6x0xs.FeD5jJc9VHhX_FhVKlk9zw",
   "expires_in":14400
}

[PromyLOPh]

pianobar is using a different API though, not sure if the token generated by oauth are valid for that API.