Hashed Password Does Not Seem To Work For Me Anymore

[terrelsa13]

Anyone else getting urllib.error.HTTPError: HTTP Error 401: Unauthorized? I started getting this after I updated to Emby-Server 4.3.0.30. Seems to be failing when trying to get the access token from the server. I took at look at the emby-server API to see if I could find anything and came across Authenticating A User:

The password must be sent in the body, in three different form fields:

pw - password in plain text password - password in Sha1 passwordMd5 - password in MD5

IMPORTANT - The Emby login API is in a state of transition, and this is why three different forms of the password are required. Beginning April 1, 2018, only the "pw" param will be required. Until then, all three are needed in order to support both newer and older servers.

With this information, I changed my script to skip the sha1 hashing and send the (pw) plain text password. This seemed to fix it for me. Any idea why the hashed password no longer plays nicely with emby?

Changed these two lines:

    #password_hash=hashlib.sha1(password.encode()).hexdigest()
    password_hash=password

    #values = {'Username' : username, 'Password' : password}
    values = {'Username' : username, 'Pw' : password}

@clara-j I have not had a chance to grab emby-server logs and upload them to pastebin yet. If I need to do that, just let me know.

[terrelsa13]

Resolved with merged commit 2f11931. Closing issue.

[terrelsa13]

@clara-j I figured out why sending only the hashed password stopped working for me. Turns out the API calls for both "Pw" and "Password". Updating the values variable in get_auth_key() from:

    values = {'Username' : username, 'Password' : password_sha1}

to

    values = {'Username' : username, 'Password' : password_sha1, 'Pw' : password}

has done the trick.

With that said, do you have any desire to go back to storing the sha1_password and getting a "new" access token every time? Or are you cool with keeping it the way it is now?