Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TIDAL deprecates username/password login for oAuth #545

Closed
ribizli opened this issue May 7, 2019 · 37 comments
Closed

TIDAL deprecates username/password login for oAuth #545

ribizli opened this issue May 7, 2019 · 37 comments
Labels
feature postponed Nobody is working on this, because no developer appears to be interested in this.

Comments

@ribizli
Copy link

ribizli commented May 7, 2019

Hi,

we tried to get an official API token from TIDAL, it seems to be possible anyway. But they don't support username/password login anymore, one need to use oAuth alternatives (they provide three).

I see, that implementing the oAuth flow in MPD is not possible, but maybe there should be a way to pass a valid access token to MPD.

E.g. I can imagine a file with the token on a path configured for the plugin. The plugin reads the file, (optionally) checks for validity (needs base64 decoding and JSON parsing) and uses the token instead of session_id.

Alternatively also supporting refresh token process?

Please share your thoughts.
@ribizli
Copy link
Author

ribizli commented May 21, 2019

@MaxKellermann any opinion on this?

@ArturSierzant ArturSierzant mentioned this issue Jun 2, 2019
Closed
@MaxKellermann
Copy link
Member

I don't know oAuth. Why is oAuth not possible in MPD?

@ribizli
Copy link
Author

ribizli commented Jun 4, 2019 via email

@MaxKellermann
Copy link
Member

Hm, that sucks. Are there other Tidal players which don't have a built-in web browser?

@marcbth
Copy link

marcbth commented Jun 4, 2019

Hallo Max,

show upmpdcli

there is a upmpdcli-tidal plugin. it works
https://opensourceprojects.eu/p/upmpdcli/code/ci/5fbea55f973ed222cd3e635440500025626fd074/tree/

@marcbth
Copy link

marcbth commented Jun 4, 2019

another from Artur

https://github.com/ArturSierzant/OMPD

@ribizli
Copy link
Author

ribizli commented Jun 4, 2019

They (Tidal) stated that in the future only the OAuth token based API calls will work. The solutions posted by @marcbth are still using username/password login. The old API tokens issued earlier are still working.

@MaxKellermann
Copy link
Member

there is a upmpdcli-tidal plugin. it works

Apart from being illegal (because it links a proprietary library from Spotify), upmpdcli uses the old username/password protocol, just like MPD.

@marcbth
Copy link

marcbth commented Jun 4, 2019

my issues #572

so my problems come from that?

ompd of arthur uses an old script. registration works and tidal is searchable.
I have inserted the x-token-tidal and the registration schent yes to work.

or has changed in tidal now what or mpd?

sorry for my stupid questions

cliff

@ribizli
Copy link
Author

ribizli commented Jun 4, 2019 via email

@marcbth
Copy link

marcbth commented Jun 4, 2019

then I do not understand that I still can log in upmpdcli or ompd me and play tidal.

is there an alternative to use tidal natively in mpd then again?

I want to get away from the whole upnp

cliff

@MaxKellermann
Copy link
Member

And I can still play Tidal natively with MPD.
So, what's really wrong? What is this issue report really about? Is there a real problem, or is there only an announcement by Tidal of future deprecation?

@ribizli
Copy link
Author

ribizli commented Jun 4, 2019 via email

@marcbth
Copy link

marcbth commented Jun 4, 2019

yes i have. i have a tidal account.

can i write a private email to you in german?

@marcbth
Copy link

marcbth commented Jun 4, 2019

you have a legacy token which works

On Tue, 4 Jun 2019, 18:51 marcbth, @.***> wrote: then I do not understand that I still can log in upmpdcli or ompd me and play tidal. is there an alternative to use tidal natively in mpd then again? I want to get away from the whole upnp cliff — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#545?email_source=notifications&email_token=AAHYWWN2JC5XFVNTOUMDR6TPY2MQTA5CNFSM4HLJRE62YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODW5GDLY#issuecomment-498753967>, or mute the thread https://github.com/notifications/unsubscribe-auth/AAHYWWLLDYXAEEBWHBKHLNLPY2MQTANCNFSM4HLJRE6Q .

or a call?

@ribizli
Copy link
Author

ribizli commented Jun 4, 2019

so, you can steal a token (as MPD docu suggests), but this is illegal. So we contacted Tidal for a token, and they rejected, login/session API is deprecated, we could use oAuth only. I cannot describe it better, sorry.

@marcbth
Copy link

marcbth commented Jun 4, 2019

do not want to do anything illegal.
it would be a shame if tidal were not possible anymore.

if you have tidal as a contact person?

I also like to try it. because I actually have good relationships in the German hifi high end scene or manufacturers.

it is tidal also helped, concerning the further spread.

I can contribute the api or documentation for highresaudio streaming including, of course, an access.

@ranperry
Copy link

ranperry commented Jun 4, 2019 via email

@marcbth
Copy link

marcbth commented Jun 4, 2019

Thank you. I will contact him

@ribizli
Copy link
Author

ribizli commented Jun 4, 2019 via email

@jonaski
Copy link

jonaski commented Jun 8, 2019

I contacted Tidal to ask for access to the API for use in Strawberry, but simply got: "Unfortunately we do not share our API."
I'm using one of the android tokens and logins recently stopped working, fixed it by switching to https://api.tidalhifi.com/v1/login/username (I was using listen.tidal.com previously).

@ribizli
Copy link
Author

ribizli commented Jun 9, 2019
edited
Loading

@jonaski you need to get a developer account, then you get access to all needed documentation (including API, and OAuth stuff). We have already got such an account so definitely there is an official way to use their API.

My original message/issue still valid: username/password login (aka session based access) is not allowed for new users. You need an access JWT token to access the Tidal backend. This JWT token also replaces the API token used before (this also means, you need a Tidal user account to browse metadata, too).

@jonaski
Copy link

jonaski commented Jun 9, 2019

@ribizli How do I get a developer account?

@ribizli
Copy link
Author

ribizli commented Jun 24, 2019

@jonaski https://developer.tidal.com/
"Access to this portal is by invitation only, and requires an agreement between the parties."

Some quotations from emails I've got from Tidal:

  • "We only support oauth methods"
  • "DRM support is not mandatory at the moment, but in the future, clients that have DRM will get a better streaming performance." ("our content delivery supplier prioritises DRM streams over non-DRM streams")
  • "We are deprecating authentication with username and password" (for OAuth)
  • "We have a stage and production environment, we kindly request our partners to first do the implementation in stage, certify it with our QA"
  • "Please note that streaming is very limited on stage environment, so you will have to use the production credentials to do everything else after user authentication on production"
  • "In this environment (me: stage) you can build out and test the implementation. We would like to verify on our side before moving on to our production environment"
  • "Regarding the certification process in stage and Prod - It will be great if you send us a device so that our team here can certify the implementation" (we produce a HW player)
  • "We usually have the stage environment for testing all functionalities except streaming. Streaming is not supported in the environment."
  • "As we don't have your device yet you can share your test results to us by sending us a video of the tests or testing it live over a video call."
  • "Giving you production credentials doesn’t mean going into production, it’s just that you test against our production environment. We will need to certify your implementation in production environment as well"

On the developer portal there is a long list (in Excel) of points the test during QA. They mostly compare the results with their GUI. We have different GUI (limited, different navigation and views), so I'm already afraid about the QA.

MaxKellermann added a commit that referenced this issue Jun 26, 2019
@MaxKellermann
input/tidal: deprecated because Tidal has changed the protocol
8bf3f9b 
See #545
@MaxKellermann MaxKellermann added feature postponed Nobody is working on this, because no developer appears to be interested in this. stable labels Jun 26, 2019
@MaxKellermann
Copy link
Member

Postponed until Tidal shares documentation.
If that doesn't ever seem to happen, the plugin will be removed.

@ribizli
Copy link
Author

ribizli commented Jun 27, 2019

@MaxKellermann they won't share until you ask for it actively.

In the meanwhile I've implemented the process in our project, and I see, MPD couldn't/shouldn't handle the process on its own.

I see however a possible solution:

  • at the end of the OAuth process an access and a renew JWT token is issued for the authenticated user. (getting to these tokens is out of scope of MPD)
  • the access token has to be used as a Authorization: Bearer <token> header instead of the X-Tidal-Token, X-Tidal-SessionId tuple. The same API endpoints can be used, but different headers.
  • since the access token has a 1 day validity only, MPD should make a renewal using the renew JWT token
  • to get a new valid access JWT token (renewal) a POST request has to make with the following form parameters:
    • refresh_token
    • client_id: this is issued by Tidal instead of X-Tidal-Token
    • client_secret: this is issued by Tidal instead of X-Tidal-Token
  • as a solution I'd propose an alternative MPD Tidal plugin configuration with the above 3 parameters instead of the token, username and password. MPD decides depending on which 3 parameters are configured.
    • instead of a SessionId (and the username/password login) MPD need to maintain (get initially, refresh if expired) an access JWT token

I think this is a small change in the current implementation (As far I managed to read it). Unfortunately I'm not a C++ developer, so I cannot provide with a PR to move this topic further.

Let me share a copy of the related documentation since I have access to Tidal's developer site.
renew API (PDF)

@jonaski
Copy link

jonaski commented Jun 27, 2019
edited
Loading

It uses standardized OAuth protocol. I've already implemented it in Strawberry, but using the client_id from Windows the streams are encrypted. I don't think Tidal would approve an open source project where the client id can be seen in the source code. And without the client id no-one can use it.
I don't know much about MPD, but the client (frontend) needs to authorize using a web browser, then the login page at Tidal will redirect to: tidal://login/auth with an code in the query which is used to request the access token needed to use the API. So the client could probably send the code to MPD through the MPD network protocol where MPD requests the final access token.
Strawberry gets registered as the url schema handler for tidal which let's the web browser pass the code through the strawberry command line options, it uses singleapplication to message the active process with the code needed to obtain the access token.
You can look at how I've done it, I send the request here: https://github.com/jonaski/strawberry/blob/master/src/tidal/tidalservice.cpp#L238
Then I receive the URL with the code here: https://github.com/jonaski/strawberry/blob/master/src/core/mainwindow.cpp#L1918
Then it emits a signal to the tidal service with the URL which obtains the access token here:
https://github.com/jonaski/strawberry/blob/master/src/tidal/tidalservice.cpp#L272

@MaxKellermann MaxKellermann mentioned this issue Aug 12, 2019
Closed
@jonaski jonaski mentioned this issue Aug 25, 2019
Closed
@therumbler
Copy link

FWIW I was just able to log in to Tidal via a POST to https://api.tidalhifi.com/v1/login/username. I used this token: "GvFhCVAYp3n43EN3", which I believe is from the iOS app.

@ghost
Copy link

ghost commented Feb 22, 2020

That Token just worked for me.

@Fef0
Copy link

Fef0 commented Apr 4, 2020

FWIW I was just able to log in to Tidal via a POST to https://api.tidalhifi.com/v1/login/username. I used this token: "GvFhCVAYp3n43EN3", which I believe is from the iOS app.

It worked, thank you very much

@Fef0 Fef0 mentioned this issue Apr 4, 2020
Closed
@JuniorJPDJ
Copy link

https://github.com/FUFRUnidentifiedFLACRipper/python-tidal-async-oauth2
I implemented client_id extraction from .apk file for android.
There's no encryption of files sent to android app :3
Feel free to steal it from me - the code will be AGPL later.

@hmelder
Copy link

hmelder commented Oct 17, 2020
edited
Loading

How about an oauth device flow?
Or just use the FireTv api key. It is drm free and has the legacy login enabled.
I have completely reverse engineered the TIDALAPI:
https://github.com/openTIDAL/docTIDAL/wiki/auth-token
https://github.com/openTIDAL/docTIDAL/wiki/auth-device_authorization
https://github.com/openTIDAL/docTIDAL/wiki/API-Keys

@ribizli
Copy link
Author

ribizli commented Oct 17, 2020

I can imagine an external tool to play the device flow through and get a refresh token. The refresh token has a very long validity, so one needs to get it once, and configure into the plugin. The plugin only needs to get a fresh access token if the previous expired (I already proposed this solution above).

Of course the plugin could implement the whole flow, but MPD isn't meant to be used interactively, so where to get the auth code (the four characters to enter on the tidal website) from...

Finally my solution was to create a proxy (http server) which cares about the auth, and provides a source for the curl plugin. (like: http://localhost:8080/tidal/)

@hmelder
Copy link

hmelder commented Oct 17, 2020
edited
Loading

I nearly finished my TIDAL C Library with an integrated access_token refresh thread and nearly 100% API coverage. During the setup the user receives a 5 digit code. He authorizes the client via link.tidal.com.
The access_token lasts 7 Days. But you can refresh it at every time with the refresh_token.
At some point I will publish all 10 DRM-Free client_ids and client_secrets that I gathered from de-compiling Apps.
https://github.com/openTIDAL/docTIDAL/wiki/Authentication

@JuniorJPDJ
Copy link

@DerNuntius it would probably be better to public method of gathering them, not making them directly public ;)

@hmelder
Copy link

hmelder commented Nov 19, 2020 via email

@tehkillerbee tehkillerbee mentioned this issue Mar 15, 2021
Closed
@jonaski jonaski mentioned this issue Nov 11, 2021
Closed
@jcorporation
Copy link
Member

Closing, Tidal plugin was removes since ver 0.22.10

@jcorporation jcorporation closed this as not planned Won't fix, can't repro, duplicate, stale Apr 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature postponed Nobody is working on this, because no developer appears to be interested in this.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
10 participants
@jcorporation @ribizli @ranperry @MaxKellermann @therumbler @JuniorJPDJ @jonaski @Fef0 @marcbth @hmelder