Todo: Reverse engineer new Facebook login flow. #635
Replies: 13 comments 8 replies
-
New URL client requests in browser is: |
Beta Was this translation helpful? Give feedback.
-
Also, this login flow seems to be exclusive to the desktop app. Mobile app uses a different flow. |
Beta Was this translation helpful? Give feedback.
-
Ok, so here's how the auth flow works:
where the This behaviour shouldn't be particularly hard to implement in librespot. There are no API keys/special headers involved with the endpoint at the time of writing, so librespot could fairly easily adopt a I may get around to implementing this, but as mentioned previously, I don't use it, so it could be a while. |
Beta Was this translation helpful? Give feedback.
-
Works nicely (librespot-org/librespot-java#16)! I'll leave up to you when to close this issue. |
Beta Was this translation helpful? Give feedback.
-
Cheers, we'll leave this open for now. Currently Facebook auth isn't actually implemented in librespot, but it comes of the category of useful to have, hence will leave it here until it gets implemented at some point. |
Beta Was this translation helpful? Give feedback.
-
Heads up: Sasha's analysis in #244 (comment) is no longer accurate, all of these URLs are now redirects to a deprecation notice page. (see hrkfdn/ncspot#310 ) |
Beta Was this translation helpful? Give feedback.
-
If I get some time I'll take a look at the new process. I wish they'd stop fixing stuff that wasn't broken... |
Beta Was this translation helpful? Give feedback.
-
I wanted to try to reproduce the reverse engineering you did for the old version but I wasn't able to. I was trying to listen to http/https traffic to at least see the URLs but wasn't able to see anything. Do you have any tips on how to do it? |
Beta Was this translation helpful? Give feedback.
-
So the Facebook login flow now looks like this (for the desktop client):
This results in being redirected to Facebook. Note the
This then presents a page where the user can click a button to 'Continue to app'.
If the Facebook auth doesn't occur within about 15 minutes, the UPDATE: Looks like the code verifier stuff is standard as well: https://www.oauth.com/oauth2-servers/pkce/authorization-request/ |
Beta Was this translation helpful? Give feedback.
-
This is part of the PKCE flow (see https://tools.ietf.org/html/rfc7636#section-1.1): the |
Beta Was this translation helpful? Give feedback.
-
I have an almost complete implementation in hrkfdn/ncspot#537 but I don't see how to turn the |
Beta Was this translation helpful? Give feedback.
-
OK I'm now getting
I stored the token from the oauth2 flow /w |
Beta Was this translation helpful? Give feedback.
-
I am having the same issue as @medwards. The token doesn't work for the websocket dealer connection either: |
Beta Was this translation helpful? Give feedback.
-
The Facebook login flow described in the docs is outdated. This is the result of visiting that endpoint:
Beta Was this translation helpful? Give feedback.
All reactions