Open Kyrielight opened 6 years ago
Can anyone confirm it is still possible to get the token using the methods listed above? I tried Dev Tools in both Chrome and Firefox, but there doesn't seem to be a token with either method. I have 2FA enabled if that makes any difference...
Hm, it wasn't there when I first looked but showed up after I logged out and logged in again. Worked with MFA as well.
Managed to get the token - used Chrome in ingocnito mode + dev tools to get it from local storage. Thanks for your help!
For anyone recently getting tokens, I've found out on Firefox at least that the token
value may be hidden unless you're in Responsive Design Mode, as pointed out here.
Storage
DevTools tabResponsive Design Mode
button near the DevTools close button on the top-righttoken
show up in the storage viewResponsive Design Mode
and watch the token be hidden away somewhereI assume Discord changed the token storage method, perhaps as a way to try to stop people from extracting it. I don't know why it shows up again in mobile view; perhaps it's part of the mobile client login process..? I have no idea.
@digitalcircuit thanks for the writeup. I'll probably need to move the best comments from this thread to a 'Q&A' section of 'discussions'.
@sm00th Makes sense! The need to manage tokens looks like it's affecting other clients too, as was pointed out to me on #bitlbee
, so there might be opportunity for collaboration.
(…I also wound up making a badly drawn meme/logo as a result of the account password resets, as unexpectedly shown in the issue linked above. So… PNG and SVG, CC-0.)
The debugging may be either on or off and if you are seeing the 'failed to switch to websocket mode' you should definitely see the other one in debug log since they are right next to each other in sources. It won't be a http request any more but rather a '<<<(null)' type of message.
I have the same issue in that function. setting token_cache didn't help.
[16:58:56] >>> ((null)) discord_http_get 217
About to send HTTP request:
GET /api/gateway HTTP/1.1
Host: discordapp.com
User-Agent: Bitlbee-Discord
Content-Type: application/json
authorization:
<you wish you had it>
HTTP response headers:
HTTP/1.1 200 OK
Date: date
Content-Type: application/json
Content-Length: 35
Connection: keep-alive
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 10
Via: 1.1 google
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
CF-Cache-Status: HIT
Age: 82315
Expires: date
Cache-Control: public, max-age=30
Accept-Ranges: bytes
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=foobar"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY:foobar
Finishing HTTP request with status: 200 OK
[16:58:56] <<< ((null)) discord_http_gateway_cb [200] 35
{"url": "wss://gateway.discord.gg"}
[16:58:57] <<< ((null)) discord_ws_in_cb switching failure. buf:
HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Wed, 22 Sep 2021 13:58:57 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<hr><center>cloudflare</center>
</body>
</html>
I have exactly the same error as yours. I obtained my token from firefox and set it in bitlbee. My debug output looks like this.
[22:12:57] >>> ((null)) discord_http_get 188
About to send HTTP request:
GET /api/gateway HTTP/1.1
Host: discordapp.com
User-Agent: Bitlbee-Discord
Content-Type: application/json
authorization: removed
HTTP response headers:
HTTP/1.1 200 OK
Date: Sat, 25 Sep 2021 14:14:07 GMT
Content-Type: application/json
Content-Length: 35
Connection: keep-alive
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 5
Via: 1.1 google
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
CF-Cache-Status: HIT
Age: 20155
Expires: Sat, 25 Sep 2021 14:14:37 GMT
Cache-Control: public, max-age=30
Accept-Ranges: bytes
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=removed"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6944db6bcc1421e9-HKG
Finishing HTTP request with status: 200 OK
[22:12:57] <<< ((null)) discord_http_gateway_cb [200] 35
{"url": "wss://gateway.discord.gg"}
[22:12:57] <<< ((null)) discord_ws_in_cb switching failure. buf:
HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Sat, 25 Sep 2021 14:14:08 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<hr><center>cloudflare</center>
</body>
</html>
The debugging may be either on or off and if you are seeing the 'failed to switch to websocket mode' you should definitely see the other one in debug log since they are right next to each other in sources. It won't be a http request any more but rather a '<<<(null)' type of message.
I have the same issue in that function. setting token_cache didn't help.
[16:58:56] >>> ((null)) discord_http_get 217 About to send HTTP request: GET /api/gateway HTTP/1.1 Host: discordapp.com User-Agent: Bitlbee-Discord Content-Type: application/json authorization: <you wish you had it> HTTP response headers: HTTP/1.1 200 OK Date: date Content-Type: application/json Content-Length: 35 Connection: keep-alive strict-transport-security: max-age=31536000; includeSubDomains x-envoy-upstream-service-time: 10 Via: 1.1 google Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 CF-Cache-Status: HIT Age: 82315 Expires: date Cache-Control: public, max-age=30 Accept-Ranges: bytes Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=foobar"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY:foobar Finishing HTTP request with status: 200 OK [16:58:56] <<< ((null)) discord_http_gateway_cb [200] 35 {"url": "wss://gateway.discord.gg"} [16:58:57] <<< ((null)) discord_ws_in_cb switching failure. buf: HTTP/1.1 400 Bad Request Server: cloudflare Date: Wed, 22 Sep 2021 13:58:57 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - <html> <head><title>400 Bad Request</title></head> <body> <center><h1>400 Bad Request</h1></center> <hr><center>cloudflare</center> </body> </html>
I've been seeing the same "failed to switch to websocket mode" error with the same debug messages, but only since glib2 2.70, if that bit of extra detail helps narrow it down. Downgrading to 2.68 works around it for now.
Downgrading works for me I opened #226 about the issue.
I had the "captcha-required" issue today and can confirm that finding the location at Dev Tools->Application->Local Storage->token works fine and I was able to log in using it (on glib 2.68; I don't know about later glib versions).
For those who are having trouble, here are a couple of tips:
token
, there's also one called tokens
(note the plural), and (at least on my computer) it shows up before the non-plural version.After you log in successfully, I'd recommend logging out again, using account discord set password <your password>
to update bitlbee-discord's knowledge of the password, then using account discord set token_cache ""
to clear the token cache.
I kept getting the null error when attempting to log into Discord, and a quick debug output shows that login is failing because the reCAPTCHA code section is blank and required (thus returning a 400).
Not exactly sure how this could be bypassed given Discord doesn't like botting into user accounts; I suppose theoretically one could MAC spoof to authenticate beforehand?