400 error on login.

[alanranciato]

Have tested creds on spotify web player as well as spotify dev portal, but still getting the following error:

"400 Client Error: Bad Request for url: https://accounts.spotify.com/api/login"

configuration in configuration.yaml is:

spotcast:
  username: !secret spotify_username
  password: !secret spotify_password
  accounts:
      alan:
        username: !secret spotify_username
        password: !secret spotify_password

Have tried with and without the accounts: section. Made sure both secrets and config don't contain any leading/trailing spaces or other characters.

Running hass.io .108.9 and spotcast 2.91 (says 2.92 is available but requires hass .109 (which isn't available yet). Ubuntu 18.04 on NUC.

[Mee2001]

This problem started just over a day ago, after spotify forced me to reset my password due to suspicious activity on my account. This still happens with my new password.

400 Client Error: Bad Request for url: https://accounts.spotify.com/api/login Traceback (most recent call last): File "/usr/src/homeassistant/homeassistant/components/websocket_api/commands.py", line 134, in handle_call_service connection.context(msg), File "/usr/src/homeassistant/homeassistant/core.py", line 1232, in async_call await asyncio.shield(self._execute_service(handler, service_call)) File "/usr/src/homeassistant/homeassistant/core.py", line 1259, in _execute_service await self._hass.async_add_executor_job(handler.func, service_call) File "/usr/local/lib/python3.7/concurrent/futures/thread.py", line 57, in run result = self.fn(*self.args, **self.kwargs) File "/config/custom_components/spotcast/init.py", line 165, in start_casting access_token, expires = get_spotify_token(username=user, password=pwd) File "/config/custom_components/spotcast/init.py", line 84, in get_spotify_token data = st.start_session(username, password) File "/usr/local/lib/python3.7/site-packages/spotify_token.py", line 75, in start_session _login(session, cookies, username, password, token) File "/usr/local/lib/python3.7/site-packages/spotify_token.py", line 33, in _login response.raise_for_status() File "/usr/local/lib/python3.7/site-packages/requests/models.py", line 941, in raise_for_status raise HTTPError(http_error_msg, response=self) requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://accounts.spotify.com/api/login

Running spotcast 2.9.0 and hass.io 0.108.9. Tested with .109.0b3 and had the same result. RPi 4 running 4.19.115-v7l+ with docker

[tlindener]

Issue seems to be related to this: https://github.com/enriquegh/spotify-webplayer-token/issues/6

[treecamp]

This problem started just over a day ago, after spotify forced me to reset my password due to suspicious activity on my account. This still happens with my new password.

I had exactly the same

[fondberg]

It seems Spotify has made it much harder to retrieve the browser token. Hopefully someone can get around that without pulling in puppeteer (which is a complete chromebrowser)

[ettiennegous]

How long do the web tokens last?
Could one use manual steps to generate a token via a browser login and then store that rather?

[sermayoral]

Same problem here

[r0b3rt74]

Same error 400 here. :-( Any idea how to fix it? Thanks

[Capt-RedBeard]

same issue after pw reset a few days ago, anyone know how to get it working again

[fondberg]

Token is valid for 60 mins and there is no of of copying it.

I suggest people follow this issue here instead enriquegh/spotify-webplayer-token#6

[cinzas]

Hi @fondberg

Same issue. Seems harder to bypass this new restriction from spotify :(

[outadoc]

Same issue here. Would it be possible to reuse hass's built-in Spotify integration's authentication for Spotcast? I don't think it's affected too, is it?

[ido100]

It seems like if you create your own app in the developer dashboard in spotify you can generate a token. I override the get_access_token method and I have the component working at the moment.

Will try to find a nicer solution..

[fondberg]

That will not work with starting apotify on chromecast devices

[petergam]

It seems like a dead end with the current way to obtain an access_token since it would require bypassing Google Recaptcha.

I've hacked together a potential workaround. Instead of using username and password to obtain a token, I instead use two cookies that are set just after logging in called sp_dc and sp_key. It does require a manual step to obtain these cookies and they are valid for 1 year. Spotify use them to refresh the access token when it expires after 1 hour.

You can checkout how to obtain the access token with the cookies here. https://github.com/petergp/spotify-webplayer-token/blob/master/spotify_token.py

I'll be testing this the next couple of days. You can find a working fork here: https://github.com/petergp/spotcast/

To obtain the cookies manually: • Open https://accounts.spotify.com/en/login • Open network developer tools in your browser (might require developer menu to be enabled) • Login to Spotify and select Web Player • Search/Filter for get_access_token on the network list in Developer tools • Under cookies for the request find sp_dc and sp_key.

Add these to your configuration.yaml

spotcast:
  sp_dc: <sp_dc goes here>
  sp_key: <sp_key goes here> 

[moejetz]

sounds promising! I'll try and report back as soon as I have time.

[fondberg]

@petergp that is good news. Let me know if there is anything I can do to help

[petergam]

@fondberg Thanks, will do.

Seems like its a stable solution after my initial testing.

I can make a PR in a few days once a few people have confirmed that it works in their end.

This will of course be a breaking change to spotcast and require everyone to follow the manual steps to obtain the cookies so I’ll try to provide some documentation for that. This step cannot be automated and would have to be repeated once a year (but Spotify might stop this method before that anyways).

[sermayoral]

These are great news! Thanks @petergp @fondberg for making this possible

[AdrinkBeer]

Thanks for this solution! Currently testing it and it works great :)

[cinzas]

Awsome !!!

It is working again :)

[sermayoral]

I can confirm it works like a charm!!

Thank you

[r0b3rt74]

Sorry, for asking you. When I run "https://open.spotify.com/get_access_token?reason=transport&productType=web_player" I get the access token, but it's not clear where to get the sp_dc and sp_key

[petergam]

@rtirelli sp_dc and sp_key are both cookies that are a part of the request (not the response) of that call.

[petergam]

Thanks for the feedback everyone!

Lets move forward with getting an official release out. I've created a PR for spotify-webplayer-token with the required fixes. Lets see if they want to go this direction, otherwise I'll remove that dependency and add the new method directly in this repo.

[r0b3rt74]

@petergp Almost done, thanks. I could get the sp_dc and sp_key but now replacing these in the conf yaml to the client id and secret, I get such conf error:

Invalid config for [spotcast]: [sp_dc] is an invalid option for [spotcast]. Check: spotcast->spotcast->sp_dc.

What am I doing wrong?

[sermayoral]

@rtirelli you have to replace the official spotcast custom component with the @petergp's fork. It can be found here: https://github.com/petergp/spotcast/

Finally you have to add these to your configuration.yaml. Old ones (username and password) are not necessary now)

spotcast:
  sp_dc: <sp_dc goes here>
  sp_key: <sp_key goes here> 

If you don't want to replace the official spotcast custom component, you have to wait until a new version is released

[r0b3rt74]

@sermayoral Thanks! I forgot to restart HA after removing the old integration. Now it works!!!

[jacobswe]

I am able to get the sensor with the correct Chromecast devices, but when I call, and this could be user error, I am getting this error:

Failed to call service spotcast/start. Exceeded 30 redirects.

Edit: Bad Copy from the cookies inspector. Works great! Thank you!

[fondberg]

@fondberg Thanks, will do.

Seems like its a stable solution after my initial testing.

I can make a PR in a few days once a few people have confirmed that it works in their end.

This will of course be a breaking change to spotcast and require everyone to follow the manual steps to obtain the cookies so I’ll try to provide some documentation for that. This step cannot be automated and would have to be repeated once a year (but Spotify might stop this method before that anyways).

👍 Pychromecast needs updating as well to 5.2.0 as well as some other small things. Let me know when you are ready so I can make a quick release

[rob1998]

Works for me 👍

[ThePrincelle]

Works likes a charm 👍 Thanks !

[benaisn]

works great ! Thanks !

[fondberg]

Released v3.0.0