400 Bad Request error when using oauth, but browser authentication works #682
Replies: 34 comments 6 replies
-
I too have started getting this, though, I can't get the browser auth to work either. |
Beta Was this translation helpful? Give feedback.
-
Could you try messing with the headers to see if removing some fixes it? Hard to tell what the issue is without further indication |
Beta Was this translation helpful? Give feedback.
-
Hmm, I ran test requests using this code: from ytmusicapi import YTMusic
conn = YTMusic("oauth.json")
conn.rate_song("A4zBSnMhvI0", "LIKE") While removing one of these headers each time:
All of them except Here's the full error from the API, in case it helps: {
"error": {
"code": 400,
"message": "Request contains an invalid argument.",
"errors": [
{
"message": "Request contains an invalid argument.",
"domain": "global",
"reason": "badRequest"
}
],
"status": "INVALID_ARGUMENT"
}
} Also tried removing The only one that had a different result was removing the |
Beta Was this translation helpful? Give feedback.
-
Does anyone know where the oauth.json file is stored? I can't findi it to try and delete it |
Beta Was this translation helpful? Give feedback.
-
same issue, commenting for visibility! guessing its a server side change that break the api |
Beta Was this translation helpful? Give feedback.
-
Someone in the linked spotify_to_ytmusic issue mentioned it works for them as Manager of their family plan, but not for their wife and kids (non-managers). I am in the same situation (non-manager), is everyone else experiencing the issue also a non-manager on a family plan? |
Beta Was this translation helpful? Give feedback.
-
This seems related to what I've noticed: it's working fine for me when using oauth creds for one account that is a primary account of mine, but it does not work on another which is a "brand account" under a second account. I get Edit: on further testing, it seems like my 2nd account (which is under a family plan), whether I use its primary or brand account, fail with this error, so my experience supports @AntitrustEnthusiast hypothesis. |
Beta Was this translation helpful? Give feedback.
-
My account is the manager of my family plan and I get the |
Beta Was this translation helpful? Give feedback.
-
i am seeing this issue as a manager of a family plan. |
Beta Was this translation helpful? Give feedback.
-
Same here when calling yt.get_history(). I also tried updating to no avail. Currently on ver. 1.8.2. |
Beta Was this translation helpful? Give feedback.
-
I doubt this is related to family plans, likely just a coincidence. I would suspect that something in here broke/needs to be updated due the server-side update: https://github.com/sigma67/ytmusicapi/blob/main/ytmusicapi/helpers.py I will try comparing our requests with the current requests on the web when I find time. Unfortunately I work a full time job so it might be a few days. I certainly recognize the importance of the issue given the number of reports. In the meantime, anyone else with the time can perform the same analysis! |
Beta Was this translation helpful? Give feedback.
-
I have an individual plan and am also seeing this error. Maybe the issue is due to having multiple accounts on the plan? In my instance I use a branded account instead of my primary gmail.com account. I saw the error using my branded account, however after regenerating my oauth.json using my gmail.com account everything worked as expected. |
Beta Was this translation helpful? Give feedback.
-
I'm also getting this HTTP 400 error for the last few days. Glad to see I'm not alone. I tried to generate oauth.json from 2 separate accounts and both of them fail. |
Beta Was this translation helpful? Give feedback.
-
We're all well aware that the issue is happening, now it's time for the open-source community to do its thing and come together and fix it. If you scroll up and read @sigma67's message, you'll see they are busy and some suggestions about where to look in the meantime. It's probably some header or something that changed on one of the requests in the oauth flow. I tried looking at the API docs for OAuth 2.0 for TV and Limited-Input Device Applications but nothing stuck out as being different. Also tried going through the oauth flow in the browser and looking at the requests/responses to see if there's anything that looks like one of the requests in the helpers.py file, but I might just be looking in the wrong place. The properties in |
Beta Was this translation helpful? Give feedback.
-
Seeing same issue. Tried multiple accounts and it all fails locally and on a server. However, it does work locally without an oauth.json file. |
Beta Was this translation helpful? Give feedback.
-
For me, browser-based authentication doesn't work either. Using the get_history() (browseId: "FEmusic_history") on luisignaciocc/ytmusic-scrobbler-web#11 |
Beta Was this translation helpful? Give feedback.
-
same here, works with browser authentications, the instructions are here: https://ytmusicapi.readthedocs.io/en/stable/setup/browser.html Is this authentication method going to have to be renewed regularly? |
Beta Was this translation helpful? Give feedback.
-
Common advice to make long-lasting cookies is to create them using the browser's in-private session. This avoids accidentally messing with the session during your regular browsing activity The cookies last quite long in my experience |
Beta Was this translation helpful? Give feedback.
-
that's good to know, thanks |
Beta Was this translation helpful? Give feedback.
-
I couldn't manage to get cookies in the brave browser. I keep getting a 401 error. |
Beta Was this translation helpful? Give feedback.
-
"te": "trailers\u001a" I solved the issue by removing this code from the browser.json file. However, I've been struggling with it for hours. It was so silly.
|
Beta Was this translation helpful? Give feedback.
-
I had trouble pasting directly into the
I suspect |
Beta Was this translation helpful? Give feedback.
-
I have my browser.json file by following the instructions at https://ytmusicapi.readthedocs.io/en/stable/setup/browser.html now how do I use it to authenticate to use the s2yt_gui and get rid of the bad request? I dont mind using the terminal if I cant use the gui but I cant seem to find anything on using the browser.json. |
Beta Was this translation helpful? Give feedback.
-
It looks like the maintainers of the YouTube Kodi plugin https://github.com/anxdpanic/plugin.video.youtube found a solution - at least it is playing all of a few videos I tested. I haven't quite figured out how, but it appears to be related to using the right tokens in the right place. |
Beta Was this translation helpful? Give feedback.
-
Managed to get ytmusicapi working again with oauth by using a personal Google (developer) API key, client id and client secret in constants.py. You can manage these in https://console.cloud.google.com/apis/credentials; there are a number of tutorials on the intnernet how to create your own API key, client id and client secret. |
Beta Was this translation helpful? Give feedback.
-
I am very sorry, but I just realize it's quite a bit more complicated than I thought: |
Beta Was this translation helpful? Give feedback.
-
Sorry again, my tests were flawed - in fact, ytmusicapi works fine when supplied with an oauth token created with a valid client id and client secret. I have therefore created pull request #688 to add parameters for using your own client id and client secret to ytmusicapi setup. |
Beta Was this translation helpful? Give feedback.
-
I've been struggling with oauth and browser credentials for days, and haven't been able to get authorized with oauth or get past the browser header setup. |
Beta Was this translation helpful? Give feedback.
-
Neither oauth.json nor browser.json works for me now. |
Beta Was this translation helpful? Give feedback.
-
This is perhaps a dumb question (but not that dumb)... When setting up oauth using the new method that requires client_id and client_secret, is it the expectation that I as an application developer would create a single OAuth App in my Google Cloud Platform project, and that's what all the downstream users of my app would use? For some reason I initially was thinking that every user of my application would need to create their own project in their Google Cloud Platform and set up the OAuth credentials themselves. But now I'm realizing that doesn't make much sense, and it's probably the case that my application would just already user the client_id and client_secret of "MyApp" so that users don't have to do anything except log in. I of course would have to take care to not expose the client_id and secret in my app, somehow... (maybe using GitHub Secrets?) So yeah. If you have an app that uses ytmusicapi, does every user make their own OAuth 2.0 client or is their one single OAuth 2.0 client per application? As somebody who has done work with OAuth professionally, I'm pretty sure it's the latter but I just wasn't thinking about this the right way initially... |
Beta Was this translation helpful? Give feedback.
-
Describe the bug
the
ytmusic.search()
command is throwing aHTTP 400: Bad Request
error with the messageRequest contains an invalid argument
, but only when using oauth. Browser authentication works fine.Using
ytmusicapi
version 1.8.2To Reproduce
Steps to reproduce the behavior:
ytmusicapi oauth
as documented in setupResult:
Additional context
I've been using it for quite a while without issue, but today it stopped working, seemingly at random. Switching to browser auth has temporarily fixed it for my workflow.
Deleting
oauth.json
and redoing the authentication flow didn't work either.Beta Was this translation helpful? Give feedback.
All reactions