[PR #1344] [MERGED] Get access token via login5 #1347

New issue

Closed

opened 2026-02-27 20:02:06 +03:00 by kerem · 0 comments

kerem commented

2026-02-27 20:02:06 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/librespot-org/librespot/pull/1344
Author: @photovoltex
Created: 9/19/2024
Status: ✅ Merged
Merged: 10/19/2024
Merged by: @roderickvd

Base: dev ← Head: login5-again

📝 Commits (10+)

99f21a1 core: Obtain spclient access token using login5 instead of keymaster (Fixes #1179)
0ea50e7 core: move login5 into own manager
f6d032e core: move solving hashcash into util
367b8e3 core: login5 handle challenges and errors
875d0c0 core: add asynchronously lock to component
b923f06 login5: add login_context to new followup request
1280945 core: update versions, add example versions
8fdd6ff login5: add login for mobile
0cd125d Merge remote-tracking branch 'origin/dev' into login5-again
5e5944a core: revert component changes, pre-acquire tokens

📊 Changes

9 files changed (+362 additions, -55 deletions)

View changed files

📝 CHANGELOG.md (+5 -1)
📝 connect/src/spirc.rs (+19 -1)
📝 core/src/http_client.rs (+2 -0)
📝 core/src/lib.rs (+1 -0)
➕ core/src/login5.rs (+265 -0)
📝 core/src/session.rs (+9 -0)
📝 core/src/spclient.rs (+6 -50)
📝 core/src/util.rs (+48 -3)
📝 protocol/build.rs (+7 -0)

📄 Description

Based on @kingosticks work on implementing login5, see kingosticks/login5-again

As stated in https://github.com/librespot-org/librespot/pull/1220#issuecomment-2353566389 the PR to implement the login5 token retrieval into dev. I couldn't test if solving the challenge works, because it didn't send any challenge to solve (i tested it connecting from Android and Linux, so maybe win or osx could do the trick). But if solving the hashcash is universal and solving the hashcash for the client_token works, this should as well. ~~The general flow is copied from go-librespot.~~

In https://github.com/librespot-org/librespot/pull/1309#issue-2450835186 we already had the problem mentioned with having two solutions to retrieve a token. From the technically viewpoint i would like to remove the TokenProvider completely in favor of login5. But sadly there are some arguments for letting it stay. Compared to login5 the keymaster can provide tokens in relation to a custom client_id. Login5 requests just give a BAD_REQUEST error if we try do request a token with a custom client_id. I know that some applications like ncspot use this token acquisition to avoid doing the general oauth flow and or storing the client_secret in the application.

So i would like some feedback how we should proceed with that problem. It's probably also quite dependent if we still merge this into 0.5 or not?

Fixes https://github.com/librespot-org/librespot/issues/1179

Fixes https://github.com/librespot-org/librespot/issues/1245

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/librespot-org/librespot/pull/1344 **Author:** [@photovoltex](https://github.com/photovoltex) **Created:** 9/19/2024 **Status:** ✅ Merged **Merged:** 10/19/2024 **Merged by:** [@roderickvd](https://github.com/roderickvd) **Base:** `dev` ← **Head:** `login5-again` --- ### 📝 Commits (10+) - [`99f21a1`](https://github.com/librespot-org/librespot/commit/99f21a1618f76f43f029fafe38f998bf75570ac9) core: Obtain spclient access token using login5 instead of keymaster (Fixes #1179) - [`0ea50e7`](https://github.com/librespot-org/librespot/commit/0ea50e79722e0527491f471b146706cb2d1809b4) core: move login5 into own manager - [`f6d032e`](https://github.com/librespot-org/librespot/commit/f6d032e819e48dbd24af25d186124263210d0502) core: move solving hashcash into util - [`367b8e3`](https://github.com/librespot-org/librespot/commit/367b8e351ebb2f026d1d76d6a2b73b31ae88d162) core: login5 handle challenges and errors - [`875d0c0`](https://github.com/librespot-org/librespot/commit/875d0c0bebe1d5b9dffce634e72b21cfdaed6bf2) core: add asynchronously lock to component - [`b923f06`](https://github.com/librespot-org/librespot/commit/b923f06a45f31db25c99d55e6b087c98579b631c) login5: add login_context to new followup request - [`1280945`](https://github.com/librespot-org/librespot/commit/12809459dde8c02c3afd24ecefb75c484b37ffea) core: update versions, add example versions - [`8fdd6ff`](https://github.com/librespot-org/librespot/commit/8fdd6ffe65e49e2a6a02a185107851f67251f8a4) login5: add login for mobile - [`0cd125d`](https://github.com/librespot-org/librespot/commit/0cd125db4861cc5ef72e44cc89a84a4536d02f0b) Merge remote-tracking branch 'origin/dev' into login5-again - [`5e5944a`](https://github.com/librespot-org/librespot/commit/5e5944a8c8fb1058fe9d7576c0b9407d22c45adc) core: revert component changes, pre-acquire tokens ### 📊 Changes **9 files changed** (+362 additions, -55 deletions) <details> <summary>View changed files</summary> 📝 `CHANGELOG.md` (+5 -1) 📝 `connect/src/spirc.rs` (+19 -1) 📝 `core/src/http_client.rs` (+2 -0) 📝 `core/src/lib.rs` (+1 -0) ➕ `core/src/login5.rs` (+265 -0) 📝 `core/src/session.rs` (+9 -0) 📝 `core/src/spclient.rs` (+6 -50) 📝 `core/src/util.rs` (+48 -3) 📝 `protocol/build.rs` (+7 -0) </details> ### 📄 Description > Based on @kingosticks work on implementing `login5`, see [kingosticks/login5-again](https://github.com/kingosticks/librespot/tree/login5-again) As stated in https://github.com/librespot-org/librespot/pull/1220#issuecomment-2353566389 the PR to implement the login5 token retrieval into dev. I couldn't test if solving the `challenge` works, because it didn't send any challenge to solve (i tested it connecting from Android and Linux, so maybe win or osx could do the trick). But if solving the `hashcash` is universal and solving the `hashcash` for the `client_token` works, this should as well. ~~The general flow is copied from `go-librespot`.~~ In https://github.com/librespot-org/librespot/pull/1309#issue-2450835186 we already had the problem mentioned with having two solutions to retrieve a token. From the technically viewpoint i would like to remove the `TokenProvider` completely in favor of login5. But sadly there are some arguments for letting it stay. Compared to login5 the keymaster can provide tokens in relation to a custom client_id. Login5 requests just give a `BAD_REQUEST` error if we try do request a token with a custom client_id. I know that some applications like `ncspot` use this token acquisition to avoid doing the general oauth flow and or storing the client_secret in the application. So i would like some feedback how we should proceed with that problem. It's probably also quite dependent if we still merge this into 0.5 or not? Fixes https://github.com/librespot-org/librespot/issues/1179 Fixes https://github.com/librespot-org/librespot/issues/1245 --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>