search

RaunoT / plex-rewind

Present Plex user statistics and habits in a beautiful and organized manner.
GNU General Public License v3.0
155 stars 7 forks source link

Unable to log in to Plex #108

Closed nwithan8 closed 2 months ago

nwithan8 commented 2 months ago

Plex Rewind Version

main (2024-07-14) (v2.0.0)

Description

Cannot authenticate with Plex

Steps to reproduce

  1. Install v2.0.0 (main) Docker container
  2. Configure Tautulli and TMDB settings
  3. Get to "Log in with Plex" screen
  4. Click "Log in with Plex" button
  5. Immediately get "Unable to complete this request" warning message.

Screenshots

image

Logs

No relevant log statements

Platform

desktop

Device

MacBook

Operating System

MacOS 14.2

Browser and version

Chrome 127

Additional context

Potentially barking up the wrong tree, but comparing the authentication payloads of Plex Rewind with other Plex-authenticating appls like Tautulli and Overseer.

In Plex Rewind, the payload sent to the "pins" endpoint:

curl 'https://plex.tv/api/v2/pins' \
  -H 'accept: application/json' \
  -H 'accept-language: en-US,en;q=0.9' \
  -H 'content-type: application/x-www-form-urlencoded' \
  -H 'dnt: 1' \
  -H 'origin: http://172.168.1.27:8383' \
  -H 'priority: u=1, i' \
  -H 'referer: http://172.168.1.27:8383/' \
  -H 'sec-ch-ua: "Not)A;Brand";v="99", "Google Chrome";v="127", "Chromium";v="127"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "macOS"' \
  -H 'sec-fetch-dest: empty' \
  -H 'sec-fetch-mode: cors' \
  -H 'sec-fetch-site: cross-site' \
  -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36' \
  --data-raw 'strong=true&X-Plex-Product=Plex+Rewind&X-Plex-Client-Identifier=plex-rewind'

versus Tautulli

curl 'https://plex.tv/api/v2/pins?strong=true' \
  -X 'POST' \
  -H 'accept: application/json' \
  -H 'accept-language: en-US,en;q=0.9' \
  -H 'content-length: 0' \
  -H 'dnt: 1' \
  -H 'origin: http://localhost:8181' \
  -H 'priority: u=1, i' \
  -H 'sec-ch-ua: "Not)A;Brand";v="99", "Google Chrome";v="127", "Chromium";v="127"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "macOS"' \
  -H 'sec-fetch-dest: empty' \
  -H 'sec-fetch-mode: cors' \
  -H 'sec-fetch-site: cross-site' \
  -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36' \
  -H 'x-plex-client-identifier: f1add0d7-a936-47fc-b863-a874a9faee94' \
  -H 'x-plex-device: OS X 10.15.7 64-bit' \
  -H 'x-plex-device-name: Chrome (Tautulli)' \
  -H 'x-plex-device-screen-resolution: 1792x1120' \
  -H 'x-plex-language: en' \
  -H 'x-plex-model: Plex OAuth' \
  -H 'x-plex-platform: Chrome' \
  -H 'x-plex-platform-version: 127.0.0.0' \
  -H 'x-plex-product: Tautulli' \
  -H 'x-plex-version: Plex OAuth'

Specifically, in Tautulli, the Client Identifier is sent in the X-Plex-Client-Identifier header (in combination with the X-Plex-Version: Plex OAuth header) rather than as a query parameter. The identifer is also a proper UUID, compared to the word "plex-rewind" in Plex Rewind. I believe the Plex Client Identifier needs to be a UUID (related note from Tautulli developer) Relevant source code in Tautulli: https://github.com/Tautulli/Tautulli/blob/7d00383d1ca10d4af058e4308951ab80d537b757/plexpy/http_handler.py#L50 https://github.com/Tautulli/Tautulli/blob/7d00383d1ca10d4af058e4308951ab80d537b757/data/interfaces/default/js/script.js#L617

RaunoT commented 2 months ago

Thanks for the in-depth report and references, definitely something to look into. Could you inspect the URL you are redirected to for the login? Please adjust any secrets/sensitive data, just curious about the structure mostly.

E.g https://app.plex.tv/auth/#?clientID=plex-rewind&code=dgvwsixc99hfb360kscxrd&forwardUrl=https%3A%2F%2Fmy.domain.eu%3FplexPinId%316674898&context%5Bdevice%5D%5Bproduct%5D=Plex%20Rewind

cartfisk commented 2 months ago

I'm experiencing the same issue.

URL is as follows: https://app.plex.tv/auth/#?clientID=plex-rewind&code=<CODE>&forwardUrl=http%3A%2F%2Flocalhost%3A8383%3FplexPinId%<PIN>&context%5Bdevice%5D%5Bproduct%5D=Plex%20Rewind

bpwats commented 2 months ago

I have the same issue

https://app.plex.tv/auth/#?clientID=plex-rewind&code=xxxxxxxxxxxxxxxxxxxxxxxxx&forwardUrl=http%3A%2F%2Flocalhost%3A8383%3FplexPinId%3Dxxxxxxxxxx&context%5Bdevice%5D%5Bproduct%5D=Plex%20Rewind

URLdecoded https://app.plex.tv/auth/#?clientID=plex-rewind&code=xxxxxxxxxxxxxxxxxxxxxxxxx&forwardUrl=http://localhost:8383?plexPinId=xxxxxxxxxx&context[device][product]=Plex Rewind

parts of URL redacted with x

I found the solution: instead of localhost, use the internal ip in the Docker for the Site and Authentication URLs. In my case, it is http://192.168.25.83:8383. If you have a Docker custom network, you could also use the Docker container name Plex-Rewind, I suppose.

I use plex-rewind on UnRAID, so by default the template via Community Applications is not entirely correct.

RaunoT commented 2 months ago

Good catch @bpwats! Indeed when looking at the payload posted by @nwithan8, you can see that the origin and referrer are both http://172.168.1.27:8383

The NEXTAUTH_URL and NEXT_PUBLIC_SITE_URL should both match this in docker-compose.yml

RaunoT commented 2 months ago

:tada: This issue has been resolved in version 2.0.0 :tada:

The release is available on:

Your semantic-release bot :package::rocket:

nwithan8 commented 2 months ago

I use plex-rewind on UnRAID, so by default the template via Community Applications is not entirely correct.

I'm working to fix that right now. If you could share your config, that would be great.

EDIT: Was a simple enough fix. The Unraid template update should populate within 2 hours.

bpwats commented 2 months ago

@nwithan8 I can confirm the Unraid template now shows a local IP address, instead of ‘localhost’.