MagentaTV 2.0: No proper login? (Channel list not reduced to subscribed channels and playback fails)

[herrnst]

(copying from https://www.kodinerds.net/thread/77429-release-pvr-magenta/?postID=746628#post746628 as that addon release announcement thread rather seems to be used for offtopic discussion)

Kodi environment: Linux x86_64 (Ubuntu 24.04 development), Kodi 21 Omega RC1, pvr.magenta GIT HEAD (Omega branch)

Am currently accessing MagentaTV via a Telekom VDSL line, although both aren't shared on a single account (ie. no SSO via the PPPoE login, I have two Telekom customer logins - one for the DSL line, one for the MagentaTV subscription). I did it this way so MagentaTV remains sort-of "portable" and isn't bound to the DSL contract so eventually changing the ISP won't break TV.

MagentaTV and pvr.magenta both worked very smoothly so far, until a few days ago when the automatic migration to MagentaTV 2.0 happened. Since that moment, it doesn't work at all anymore:

I have both username and password set up in the addon settings and activated the "MagentaTV 2.0" option (without the latter, I don't even see any channels in the channel list anymore).

With things set up like this, the channel list is populated with every channel that is available via MagentaTV, it isn't filtered to the channels available with the active subscription (that worked like a breeze before). Also, when I try to play any channel (even free channels like "Das Erste" or ZDF), I get a popup saying "Invalid Token - This content requires a valid, unexpired auth token.". Pressing "OK" yields in an audio file being played saying "This content is currently unavailable", then any playback is completely stopped.

EDIT: My guess is that no real login to the service is happening right now, though I don't know how all this works.

Obligatory addition: On my AppleTV, everything works as intended with the new MagentaTV 2.0 app.

Is there something missing in pvr.magenta yet? Am I doing anything wrong?

[nirvana-7777]

There are many things not functional yet with pvr magenta. What version of pvr magenta do you use? Which version of inputstream? Did you change your device to web? Or Android TV? Stick won't work... Provide a debug log please.

[herrnst]

Thanks for getting back on this topic!

This is the full Kodi debug log with a fresh Kodi profile (moved existing .kodi out of the way and started from scratch, with pvr.magenta and inputstream.adaptive) with an attempt to play "Das Erste": https://paste.kodi.tv/lenaxenozi.kodi

Device type has been changed to "Android TV" beforehand.

This is with inputstream.adaptive 21.3.4 (current Omega HEAD - https://github.com/xbmc/inputstream.adaptive/commit/df8b32db36cbf4e2e14441ebe533d547ebf3c947 ) and pvr.magenta as of current Omega HEAD (21.9.0 / https://github.com/nirvana-7777/pvr.magenta/commit/d6d44f8b9c5225604b8fe1b3701ec9bd605652e8 )

The actual Kodi build is somewhere inbetween BETA3 and RC1, debugging is from a different system running Manjaro, though the behaviour as initially described is the same, so I guess that shouldn't matter much. Also, pvr.magenta worked just fine when the subscription was MagentaTV "1.0".

EDIT: Wild guess:

2024-03-11 23:10:18.114 T:7957    debug <general>: AddOnLog: pvr.magenta: function call: [GetToken]
2024-03-11 23:10:18.114 T:7957    error <general>: AddOnLog: pvr.magenta: [Auth] TAAUpdate failed!
2024-03-11 23:10:18.114 T:7957    error <general>: AddOnLog: pvr.magenta: Couldn't fetch persona token!

might be related?

Thanks!

[nirvana-7777]

Sure. I can't test myself. It seems to be related to being OTT and trying the wrong authentication method. Please set to Web and repeat the Debug log.

[herrnst]

Sure, here you go: https://paste.kodi.tv/vefatojufe.kodi

Note: For privacy reasons I replaced all occurences of my login mail address with magentatv@magentatv (or rather magentatv%40magentatv).

[nirvana-7777]

Okay, web authentication works different for you than for me. 1) If you login that account via web do you need to enter your customer ID? 2) When you use apple tv - how do you get authenticated? Via QR-Code/OTP?

[herrnst]

In both cases (web and ATV), only username (mail address) and password is everything that's asked for, I don't get additional prompts for any other data. For the web case, this applies to both web.magentatv.de and web2.magentatv.de.

[nirvana-7777]

I have a suspicion what might be ongoing but I have to wait until next week to work on it.

[herrnst]

If there's anything to test or if you need testing on anything, I'm very comfortable (re)building things from specific commits, branches, apply patches and whatnot ;)

[nirvana-7777]

What you can try is to find the pvr.magenta settings - I hope you know where they are - and delete the refresh_token. Because I've tested with empty refresh token and with correct one. But I didn't test with incorrect ones. And maybe you still have the old 1.0 refresh token in...

[herrnst]

Not entirely sure it is correct what I just did: I edited KODIHOME/userdata/addon_data/settings.xml and looked for refresh_token. I found out that was a bool with "default=true" (EDIT: like the other token settings as quoted below) without a value set. I deleted that (without Kodi running, of course), but that didn't change anything.

For reference, that file currently looks like this:

<settings version="2">
    <setting id="username">USER@DOMAIN</setting>
    <setting id="password">PWD</setting>
    <setting id="startnum" default="true">1</setting>
    <setting id="terminaltype">2</setting>
    <setting id="deletemode" default="true">0</setting>
    <setting id="deletemodeseries" default="true">0</setting>
    <setting id="hideunsubscribed" default="true">true</setting>
    <setting id="ismagentatwo">true</setting>
    <setting id="customchannels" default="true">true</setting>
    <setting id="whitelogos">true</setting>
    <setting id="onlycloud" default="true">false</setting>
    <setting id="deactivatehidden" default="true">false</setting>
    <setting id="higherresolution" default="true">true</setting>
    <setting id="enablegroups" default="true">true</setting>
    <setting id="epg_token" default="true" />
    <setting id="openid_token" default="true" />
    <setting id="tv_token" default="true" />
    <setting id="csrftoken" default="true" />
    <setting id="personaltoken" default="true" />
    <setting id="deviceid">UUID</setting>
</settings>

[nirvana-7777]

Just pushed a wild guess to the repository. Completely untested and unverified. Test if you are courageous.

[herrnst]

Built and installed https://github.com/nirvana-7777/pvr.magenta/commit/074ccb596afd2971eab68c6b2d0474cd2ea58fc3

Not sure which device type (AndroidTV, Stick or Web) to actually test with, as one part of that change relates to the Stick data, so tested all three. Though no change in behaviour with all of them.

But in the settings.xml, there now is a refresh_token element in the format "RT2:UUID1:UUID2", with UUID2 changing between addon (or Kodi) restarts when the device type is set to either "AndroidTV" or "Stick". With "Web", it doesn't update.

[nirvana-7777]

Android tv stick. Log?

[herrnst]

Logs (again, app start, go to TV, play "Das Erste", unexpired token popup and audio message):

Type set to AndroidTV: https://paste.kodi.tv/mebowozako.kodi

Type set to Magenta Stick: https://paste.kodi.tv/iwavipajol.kodi

[nirvana-7777]

Okay, one step further. Refresh Token and Access Token are there but they are not accepted by the TV server. Do you remember how you obtained the tokens? Did you have to do the OTP Authentication? (Where you enter a code and username / password) If not then you were Line Authenticated which means that pvr magenta got the token based on you Telekom internet connection. If I understand correctly in that account you don't have TV. So it would mean the correct way of authentication for your case would be BackChannel / OTP. I bet your Apple TV also authorized that way. PVR Magenta currently always prefers the Line Authentication over BackChannel because it doesn't require any user interaction. I have to think of a clever algorithm to detect your special case... If my theory is correct then if you would use a VPN or other non-Telekom access (with empty settings) the PVR would start to work.

[herrnst]

Okay, one step further. Refresh Token and Access Token are there but they are not accepted by the TV server. Do you remember how you obtained the tokens? Did you have to do the OTP Authentication? (Where you enter a code and username / password) If not then you were Line Authenticated which means that pvr magenta got the token based on you Telekom internet connection.

Umm. Actually, I never did anything proactively to obtain any tokens ;) While my subscription was MagentaTV 1.0 (so before the forced migration to 2.0) and with the "2.0" addon setting turned off, I got a OTP token (8 digits) which I entered on telekom.de/tv-login (or similar) followed by my username and password, and after that everything worked - i didn't have to provide user and pass to pvr.magenta at all. Though on the AppleTV - just like now with 2.0 - I (only) had to provide my credentials in the App and everything worked, which now is the same with 2.0.

If I understand correctly in that account you don't have TV.

Correct. Precisely, I have two customer IDs registered with them with different mail addresses. One only has the VDSL line booking, the other only has the TV booking plus additional TV subscriptions.

So it would mean the correct way of authentication for your case would be BackChannel / OTP. I bet your Apple TV also authorized that way.

As mentioned, the tvOS app just asked for the login credentials (with both 1.0 and now with 2.0) and voila. No OTP tokens, no need to enter customer IDs or anyhing. Same for Web (ie. web.magentatv.de).

PVR Magenta currently always prefers the Line Authentication over BackChannel because it doesn't require any user interaction. I have to think of a clever algorithm to detect your special case... If my theory is correct then if you would use a VPN or other non-Telekom access (with empty settings) the PVR would start to work.

Wouldn't a setting suffice for that to enforce that BackChannel way? Or - I guess the TaaUpdate stuff in the logs is the key - if auth fails (Line Auth) try BackChannel? Really just thinking loud, am totally unfamiliar with what is going on in that regard :D

Re non-Telekom, I just tried that using WiFi tethering on the laptop via my mobile phone (which has a non-Telekom and non-D1 SIM) and that didn't work aswell - same behaviour, same failure, and also the TaaUpdate failed things printed to kodi.log.

[nirvana-7777]

Next try. Uploaded a version which requests a BackChannel / OTP Authentication if the Taa Login fails.

[herrnst]

Short reply: Playback works now, though the channel list is still unfiltered! Obligatory log at https://paste.kodi.tv/egolehuqas.kodi though I edited out all tokens and customer data that was printed everywhere (hopefully got everything). This is currently set to "Android TV" but also works with "MagentaTV Stick" and "Web".

Long reply:

After activating the addon with the updated binary, I was prompted with an OTP token which I could authorize on telekom.de/tv-login (as I was used to until the subscription update to MagentaTV 2.0). At first, on trying playback I was prompted with the well-known "unexpired token" message. I then switched from "MagentaTV Stick" to "AndroidTV" which then finally resulted in getting a picture on "Das Erste" and other channels aswell! After that, switching to any other device type as mentioned above things remained working!

Though - unrelated to pvr.magenta - MagentaTV 2.0 brings a huge drawback compared to the "old" service: All private channels (RTL, ProSieben and whatnot) are - from how I understand things, might be wrong on this - enforcing WideVine L1 in their HD variants so are NOT playable on plain Linux (log mentions things like secure path and such). To get them playing, I had to turn off "Prefer higher resolution" which results in their SD variants and limits video to 960x540, though at least at 50FPS. Meh.

[herrnst]

Another discovery (no log available though):

Updated pvr.magenta on the living room HTPC (Ubuntu 24.04 dev, Kodi Omega RC2, inputstream.adaptive Omega HEAD) to your latest HEAD from today. Got the 8-digit code, authenticated, playback failed with "unexpired token". Just had to disable and re-enable pvr.magenta to make things work. On the HTPC, it's set to device type "MagentaTV Stick" and I didn't touch that setting during the re-enablement.

[nirvana-7777]

• Regarding that necessity for relaod after BC Auth. That should be fixed with latest version.
• For not filtering the list: I cannot confirm. If I in the settings activate "show only subscribed channels" it is correctly filtered. Did you activate?
• Regarding cutting the resolution in Linux. I wonder why there is no bigger scream in customers. When I found out last year I was disappointed. But I cannot do anything. It's not about the user agent it is what is in the CDM as you correctly say.

[herrnst]

• Regarding that necessity for relaod after BC Auth. That should be fixed with latest version.

That didn't seem to do the trick yet. Updated the addon, deleted userdata/addon_data/pvr.magenta, started Kodi (it directly wanted to perform OTP auth), changed settings to "MagentaTV 2.0", did the OTP thing but channels were not playable right away. Had to toggle the addon once but then everything worked.

• For not filtering the list: I cannot confirm. If I in the settings activate "show only subscribed channels" it is correctly filtered. Did you activate?

Maybe I'm just assuming it's not filtered, but I just tried to play everything that looks "suspicious" to me and it just works, but 2.0 seems to bring channels which weren't there with 1.0. So, just ignore that for now, should I notice anything I'll open a separate issue for this. Until then, sorry for the noise ;)

• Regarding cutting the resolution in Linux. I wonder why there is no bigger scream in customers. When I found out last year I was disappointed. But I cannot do anything. It's not about the user agent it is what is in the CDM as you correctly say.

[offtopic] Yep, clearly a DRM/Widevine thing being controlled by the platform, which makes me need to think about if I really want to keep the MagentaTV subscription when MegaSport expires... Maybe switching to my Nvidia Shield would be viable, but from what I gathered ie. from the forum thread, Android doesn't work at all right now, will keep an eye on the issue at inputstream.adaptive though.

Also, the vast majority including John Doe doesn't care about if it works outside what they advertise it being compatible with, so... [/offtopic]

[personal] Regardless of what works or not, thank you very very much for all your efforts in bringing MagentaTV to Kodi so MagentaTV becomes usable (that tvOS App/UI is completely unusable IMHO)! [/personal]

[nirvana-7777]

That didn't seem to do the trick yet.

I think I've got it this time. If not please do one last ;-) log.

[herrnst]

Yep, works now without any addon restarts, note I even don't need to enter credentials into the addon settings.

Slightly offtopic, maybe something for a "feature issue": For usability, maybe there's a way to ask if the subscription is 1.0 or 2.0 before showing the OTP token. Currently, when things are unconfigured (right after installing the addon), on Kodi startup there's the OTP popup right away, but it will authorize against a 1.0 subscription. This results in an empty channel list. One has to open the settings and flip the "MagentaTV 2.0" switch first before authenticating again.

Anyways: Once again many many thanks for your efforts in bringing MagentaTV to Kodi! :)

[herrnst]

Closing this since login and playback works just fine since https://github.com/nirvana-7777/pvr.magenta/commit/59a3d6702cce08c6911cbbe00bad666c89b2bd58 - thanks!