simple request to download video asks to read secrets in keychain and chrome safe storage on mac

[SachitNayak]

Hi,

I have a very simple piece of code, that when executed seems to escalate to ask to read secrets in chrome safe storage and keychain on mac.

code is:

import pyktok as pyk
pyk.specify_browser('chrome')

def download_trending_videos(tag_val="datascience"):
    pyk.save_tiktok_multi_page(f'https://www.tiktok.com/tag/{tag_val}?lang=en', save_video=True, save_metadata=False)

if __name__ == "__main__":
    download_trending_videos("datascience")

and the dialog box that pops up asking to read secrets is shown in the attached screenshot:

what secrets/password is it asking to read and will it be able to read my critical passwords stored on chrome?

Thanks

[JBGruber]

I wondered how Pyktok solves authentication and investigated it a little while back: the password is needed to decrypt your chrome cookies, which are needed to authenticate to TikTok. Pyktok uses browser_cookie3 for that. These are the lines which lead to the pop-up:

https://github.com/borisbabic/browser_cookie3/blob/53fa5e30a86216ca2064b129b259fa87509b03dd/browser_cookie3/__init__.py#L101C1-L111C23

My understanding is that the password is needed to decrypt the cookie jar and that this is a relativly secure way to deal with it. If you don't trust browser_cookie3, you should check the code yourself. Or you can use Firefox instead, which does not encrypt the cookies and hence your password is not read by Python.

[dfreelon]

@JBGruber is correct, this is a Chrome issue on MacOS, browser_cookie3 needs your password to read the encrypted cookies that let you get the goods. Your options are to give it what it needs or use a different browser that doesn't encrypt its cookies.