[GH-ISSUE #687 ] Error: missing field expiresIn at line 1 column 47 #389

Author

Owner

@GravyPouch commented on GitHub (Aug 12, 2025):

Same issue

@GravyPouch commented on GitHub (Aug 12, 2025): Same issue

kerem commented

https://github.com/librespot-org/librespot/issues/1527

Author

Owner

@jacksongoode commented on GitHub (Aug 12, 2025):

@jacksongoode commented on GitHub (Aug 12, 2025): https://github.com/librespot-org/librespot/issues/1527

kerem commented

Author

Owner

@rhaussmann commented on GitHub (Aug 12, 2025):

Same here.
commit hash:3989734

@rhaussmann commented on GitHub (Aug 12, 2025): Same here. commit hash:3989734

kerem commented

Author

Owner

@ishammahajan commented on GitHub (Aug 12, 2025):

@jacksongoode seems that they have fixed the apparent bug in github.com/librespot-org/librespot@ba3d501b08

@ishammahajan commented on GitHub (Aug 12, 2025): @jacksongoode seems that they have fixed the apparent bug in https://github.com/librespot-org/librespot/commit/ba3d501b08345aadf207d09b3a0713853228ba64

kerem commented

github.com/jpochyla/psst@31861f47de/psst-gui/src/webapi/client.rs (L980)

Author

Owner

@arch-btw commented on GitHub (Aug 14, 2025):

I'm trying to get more familiar with the code here but I'm having some issue figuring it out.

It seems like the meta data server has changed, but the odd thing is, this new api url is already located in psst's code here:

I think psst is using v2 or v1 of the api in some of the other code though, so it's probably still related.

@arch-btw commented on GitHub (Aug 14, 2025): I'm trying to get more familiar with the code here but I'm having some issue figuring it out. It seems like the meta data server has changed, but the odd thing is, this new api url is already located in psst's code here: https://github.com/jpochyla/psst/blob/31861f47de93392a45bf315accc738f33d1b0cfc/psst-gui/src/webapi/client.rs#L980 I think psst is using v2 or v1 of the api in some of the other code though, so it's probably still related.

kerem commented

Author

Owner

@burakemres commented on GitHub (Aug 14, 2025):

Same issue here, anyone know how to fix it?

@burakemres commented on GitHub (Aug 14, 2025): Same issue here, anyone know how to fix it?

kerem commented

Author

Owner

@jacksongoode commented on GitHub (Aug 15, 2025):

I'd be happy to review any fixes, currently a little busy now to attempt the fix :(

@jacksongoode commented on GitHub (Aug 15, 2025): I'd be happy to review any fixes, currently a little busy now to attempt the fix :(

kerem commented

Author

Owner

@daski-SNM commented on GitHub (Aug 15, 2025):

same my pc crashes wit regular Spotify hopefully the fix comes soon

@daski-SNM commented on GitHub (Aug 15, 2025): same my pc crashes wit regular Spotify hopefully the fix comes soon

kerem commented

Author

Owner

@MrMati commented on GitHub (Aug 15, 2025):

The problem is much worse
github.com/jpochyla/psst@31861f47de/psst-core/src/session/access_token.rs (L44)
returns error 403 {"code":4,"errorDescription":"Invalid request"}

Librespot solves it with Login5 which we don't have implemented
librespot-org/librespot#1532

@MrMati commented on GitHub (Aug 15, 2025): The problem is much worse https://github.com/jpochyla/psst/blob/31861f47de93392a45bf315accc738f33d1b0cfc/psst-core/src/session/access_token.rs#L44 returns error 403 `{"code":4,"errorDescription":"Invalid request"}` Librespot solves it with Login5 which we don't have implemented [librespot-org/librespot#1532](https://github.com/librespot-org/librespot/issues/1532)

kerem commented

Author

Owner

@VerizonLover commented on GitHub (Aug 15, 2025):

The problem is much worse

psst/psst-core/src/session/access_token.rs

Line 44 in 31861f4
let token: MercuryAccessToken = session.connected()?.get_mercury_json(format!(

returns error 403 {"code":4,"errorDescription":"Invalid request"}

Librespot solves it with Login5 which we don't have implemented librespot-org/librespot#1532

Seems to be related to #686

@VerizonLover commented on GitHub (Aug 15, 2025): > The problem is much worse > > [psst/psst-core/src/session/access_token.rs](https://github.com/jpochyla/psst/blob/31861f47de93392a45bf315accc738f33d1b0cfc/psst-core/src/session/access_token.rs#L44) > > Line 44 in [31861f4](/jpochyla/psst/commit/31861f47de93392a45bf315accc738f33d1b0cfc) > let token: MercuryAccessToken = session.connected()?.get_mercury_json(format!( > > returns error 403 `{"code":4,"errorDescription":"Invalid request"}` > > Librespot solves it with Login5 which we don't have implemented [librespot-org/librespot#1532](https://github.com/librespot-org/librespot/issues/1532) Seems to be related to #686

kerem commented

Author

Owner

@jacksongoode commented on GitHub (Aug 17, 2025):

I think the keymaster stuff is also affected. My guess is that we might need to either, provide a fix that follows librespot. Or more dramatically but perhaps inevitably, use librespot as the backend.

@jacksongoode commented on GitHub (Aug 17, 2025): I think the [keymaster stuff](https://github.com/librespot-org/librespot/issues/1532) is also affected. My guess is that we might need to either, provide a fix that follows librespot. Or more dramatically but perhaps inevitably, use librespot as the backend.

kerem commented

Author

Owner

@kingosticks commented on GitHub (Aug 18, 2025):

Or more dramatically but perhaps inevitably, use librespot as the backend.

We are willing to help you guys transition and help provide missing/better APIs to make that easier, if you decide to go that way. Personally I think it makes sense, anything to minimise wasted effort due to Spotify messing about sounds nice, but I can appreciate it might be a big job.

@kingosticks commented on GitHub (Aug 18, 2025): > Or more dramatically but perhaps inevitably, use librespot as the backend. We are willing to help you guys transition and help provide missing/better APIs to make that easier, if you decide to go that way. Personally I think it makes sense, anything to minimise wasted effort due to Spotify messing about sounds nice, but I can appreciate it might be a big job.

kerem commented

Author

Owner

@Hinkiii commented on GitHub (Aug 18, 2025):

Possibly off topic, but wouldn't migrating to librespot break the premium benefits that psst has?

@Hinkiii commented on GitHub (Aug 18, 2025): Possibly off topic, but wouldn't migrating to librespot break the premium benefits that psst has?

kerem commented

Author

Owner

@VerizonLover commented on GitHub (Aug 18, 2025):

Possibly off topic, but wouldn't migrating to librespot break the premium benefits that psst has?

Such as?

@VerizonLover commented on GitHub (Aug 18, 2025): > Possibly off topic, but wouldn't migrating to librespot break the premium benefits that psst has? Such as?

kerem commented

Author

Owner

@VerizonLover commented on GitHub (Aug 28, 2025):

Possibly off topic, but wouldn't migrating to librespot break the premium benefits that psst has?

Such as?

The "Show Similar Tracks" and "Show Track Credits" features:

@VerizonLover commented on GitHub (Aug 28, 2025): > > Possibly off topic, but wouldn't migrating to librespot break the premium benefits that psst has? > > Such as? The "Show Similar Tracks" and "Show Track Credits" features: <img width="1099" height="765" alt="Image" src="https://github.com/user-attachments/assets/aff12a7a-fca8-4f41-82e6-e38f2e25ce9e" /> <img width="400" height="468" alt="Image" src="https://github.com/user-attachments/assets/f4196080-718f-4d48-be28-bb9865927333" />

kerem commented

Author

Owner

@kingosticks commented on GitHub (Aug 28, 2025):

If they are missing in librespot, someone can add them, using the psst code as reference. Shouldn't be a big deal.

@kingosticks commented on GitHub (Aug 28, 2025): If they are missing in librespot, someone can add them, using the psst code as reference. Shouldn't be a big deal.

kerem commented

Author

Owner

@gsaltar commented on GitHub (Aug 29, 2025):

I am experiencing the same issue.
I compiled it in freebsd. Below is the error I get.

[2025-08-29T20:59:26Z ERROR psst_gui::webapi::client] failed to read local tracks: No such file or directory (os error 2)

@gsaltar commented on GitHub (Aug 29, 2025): <img width="638" height="733" alt="Image" src="https://github.com/user-attachments/assets/2dac98cc-a0f8-47cf-b778-f15b5a220ca9" /> I am experiencing the same issue. I compiled it in freebsd. Below is the error I get. `[2025-08-29T20:59:26Z ERROR psst_gui::webapi::client] failed to read local tracks: No such file or directory (os error 2) `

kerem commented

Author

Owner

@annethereshewent commented on GitHub (Sep 6, 2025):

also experiencing this issue.

@annethereshewent commented on GitHub (Sep 6, 2025): also experiencing this issue.

kerem commented

Author

Owner

@Tilogorn commented on GitHub (Sep 8, 2025):

Almost one month now since this software is not usable anymore. Psst is the only way to use Spotify on ARM (besides the browser UI or emulators) so I am pretty out of options for my Pi-driven hifi home equipment. I would've guessed a project with almost 10k stars is "too big to fail", but unfortunately I am wrong. Is there anything we can do on a non-technical side to support a fix?

@Tilogorn commented on GitHub (Sep 8, 2025): Almost one month now since this software is not usable anymore. Psst is the only way to use Spotify on ARM (besides the browser UI or emulators) so I am pretty out of options for my Pi-driven hifi home equipment. I would've guessed a project with almost 10k stars is "too big to fail", but unfortunately I am wrong. Is there anything we can do on a non-technical side to support a fix?

kerem commented

https://github.com/librespot-org/librespot/issues/1527#issuecomment-3218235159

Author

Owner

@ewancg commented on GitHub (Sep 8, 2025):

Seems like librespot was able to fix it: https://github.com/librespot-org/librespot/releases/tag/v0.7.0

@ewancg commented on GitHub (Sep 8, 2025): Seems like librespot was able to fix it: https://github.com/librespot-org/librespot/releases/tag/v0.7.0 https://github.com/librespot-org/librespot/issues/1527#issuecomment-3218235159

kerem commented

Author

Owner

@kingosticks commented on GitHub (Sep 8, 2025):

Yes, as mentioned in https://github.com/jpochyla/psst/issues/687#issuecomment-3191303937 someone would need to implement the login5 stuff to replace keymaster stuff. There's a complete implementation available in the librespot repository to help.

@kingosticks commented on GitHub (Sep 8, 2025): Yes, as mentioned in https://github.com/jpochyla/psst/issues/687#issuecomment-3191303937 someone would need to implement the login5 stuff to replace keymaster stuff. There's a complete implementation available in the librespot repository to help.

kerem commented

Author

Owner

@gsaltar commented on GitHub (Sep 11, 2025):

Below is something I put together as an alternative Psst, while we wait on this bug to get fixed. The guide is for FreeBSD, but it should not be too hard to tweak it to make it work on Linux.

Spotify on FreeBSD Guide

Requirements

Spotify Premium account
Spotify Developer App:
1. Visit https://developer.spotify.com/dashboard
2. Create a new app (name it anything)
3. Note your Client ID and Client Secret
4. Set Redirect URI to: http://127.0.0.1:8888

Install Dependencies

Some packages may be optional, but installing all ensures compatibility:

pkg install rust python cmake clang
alsa-lib alsa-plugins alsa-seq-server alsa-sndio alsa-utils
zita-alsa-pcmi

Versions may vary—adjust as needed for your system.

Compile librespot from Source

git clone https://github.com/librespot-org/librespot.git
cd librespot
cargo build --no-default-features --features "rustls-tls-native-roots rodio-backend"

Install spotify-qt

You can install via ports or build from source:

git clone https://github.com/kraxarn/spotify-qt.git
cd spotify-qt
mkdir build && cd build
cmake ..
make
./spotify-qt

First Run Setup

Launch spotify-qt
Enter your Spotify App ID and Secret
Go to Settings → Spotify and set the path to your librespot binary
Restart spotify-qt
Open Menu → Devices and select your spotify-qt instance

Done!

Enjoy Spotify on FreeBSD 🎶

@gsaltar commented on GitHub (Sep 11, 2025): Below is something I put together as an alternative Psst, while we wait on this bug to get fixed. The guide is for FreeBSD, but it should not be too hard to tweak it to make it work on Linux. Spotify on FreeBSD Guide ========================= Requirements ------------ - Spotify Premium account - Spotify Developer App: 1. Visit https://developer.spotify.com/dashboard 2. Create a new app (name it anything) 3. Note your Client ID and Client Secret 4. Set Redirect URI to: http://127.0.0.1:8888 Install Dependencies -------------------- Some packages may be optional, but installing all ensures compatibility: pkg install rust python cmake clang \ alsa-lib alsa-plugins alsa-seq-server alsa-sndio alsa-utils \ zita-alsa-pcmi Versions may vary—adjust as needed for your system. Compile librespot from Source ----------------------------- git clone https://github.com/librespot-org/librespot.git cd librespot cargo build --no-default-features --features "rustls-tls-native-roots rodio-backend" Install spotify-qt ------------------- You can install via ports or build from source: git clone https://github.com/kraxarn/spotify-qt.git cd spotify-qt mkdir build && cd build cmake .. make ./spotify-qt First Run Setup --------------- 1. Launch spotify-qt 2. Enter your Spotify App ID and Secret 3. Go to Settings → Spotify and set the path to your librespot binary 4. Restart spotify-qt 5. Open Menu → Devices and select your spotify-qt instance Done! ----- Enjoy Spotify on FreeBSD 🎶

kerem commented

Author

Owner

@rhaussmann commented on GitHub (Sep 11, 2025):

Hey @jacksongoode and the other collabs, I wanted to thank you for your (volunteer!) work on Psst. I hardly have time to do my laundry, much less support/develop a complicated piece of software. Your donated time and expertise are appreciated.

I'm blocked from using the Spotify desktop at work, and Psst is a great workaround. It's also super light on resources. While I'm looking forward to getting back to Psst, I'm using ncspot in the meantime.

@rhaussmann commented on GitHub (Sep 11, 2025): Hey @jacksongoode and the other collabs, I wanted to thank you for your (volunteer!) work on Psst. I hardly have time to do my laundry, much less support/develop a complicated piece of software. Your donated time and expertise are appreciated. I'm blocked from using the Spotify desktop at work, and Psst is a great workaround. It's also super light on resources. While I'm looking forward to getting back to Psst, I'm using [ncspot](https://github.com/hrkfdn/ncspot) in the meantime.

kerem commented

Author

Owner

@Alex-G commented on GitHub (Sep 17, 2025):

@Alex-G commented on GitHub (Sep 17, 2025): <img width="1643" height="755" alt="Image" src="https://github.com/user-attachments/assets/35184fca-5825-41b3-914c-bb90318130a8" />

kerem commented

Author

Owner

@TrueBeastEmperor commented on GitHub (Sep 18, 2025):

Just now saw that I had the same problem. Bruh, I just now downloaded this so I'd specifically be able to have two clients running when needed. Anyway, before I saw this post, I made the same post just seconds ago

@TrueBeastEmperor commented on GitHub (Sep 18, 2025): Just now saw that I had the same problem. Bruh, I just now downloaded this so I'd specifically be able to have two clients running when needed. Anyway, before I saw this post, I made the same post just seconds ago

kerem commented

Author

Owner

@Pogodaanton commented on GitHub (Sep 21, 2025):

I made a rudimentary port of the Login5 code found in librespot. There's a lot of jank to clean up still and we have to discuss the dependencies this pulls in. I'd appreciate any help from fellow developers 🫰

Below is a screenshot of the auth working in psst-gui. Mind you, playback is not working yet.

@Pogodaanton commented on GitHub (Sep 21, 2025): I made a rudimentary port of the Login5 code found in librespot. There's a lot of jank to clean up still and we have to discuss the dependencies this pulls in. I'd appreciate any help from fellow developers 🫰 Below is a screenshot of the auth working in `psst-gui`. Mind you, playback is not working yet. <img width="1114" height="745" alt="Image" src="https://github.com/user-attachments/assets/acd14e46-16d8-499c-aaaa-619804800c6b" />

kerem commented

Author

Owner

@jacksongoode commented on GitHub (Sep 21, 2025):

I think I've actually got something working playback and auth, I'll make a PR shortly.

@jacksongoode commented on GitHub (Sep 21, 2025): I think I've actually got something working playback and auth, I'll make a PR shortly.

kerem commented

Author

Owner

@jacksongoode commented on GitHub (Sep 21, 2025):

For those following, please test out https://github.com/jpochyla/psst/pull/694 (the artifacts can be found at the bottom here to download)

Please add comments in the PR comment section if anything isn't working. You may have to re-authenticate with the new binary.

@jacksongoode commented on GitHub (Sep 21, 2025): For those following, please test out https://github.com/jpochyla/psst/pull/694 (the artifacts can be found [at the bottom here to download](https://github.com/jpochyla/psst/actions/runs/17954044878?pr=694)) Please add comments in the PR comment section if anything isn't working. You may have to re-authenticate with the new binary.

kerem commented

Author

Owner

@VerizonLover commented on GitHub (Sep 22, 2025):

For those following, please test out #694 (the artifacts can be found at the bottom here to download)

Please add comments in the PR comment section if anything isn't working. You may have to re-authenticate with the new binary.

The download links for the artifacts don't show up anymore.

@VerizonLover commented on GitHub (Sep 22, 2025): > For those following, please test out [#694](https://github.com/jpochyla/psst/pull/694) (the artifacts can be found [at the bottom here to download](https://github.com/jpochyla/psst/actions/runs/17897882898?pr=694)) > > Please add comments in the PR comment section if anything isn't working. You may have to re-authenticate with the new binary. The download links for the artifacts don't show up anymore.

kerem commented

Author

Owner

@a-chacon commented on GitHub (Sep 22, 2025):

@jacksongoode it works! I just download the artifacts from the end of the workflow that works for me.

@a-chacon commented on GitHub (Sep 22, 2025): @jacksongoode it works! I just download the artifacts from the end of the workflow that works for me.

kerem commented

Author

Owner

@VerizonLover commented on GitHub (Sep 22, 2025):

@jacksongoode it works! I just download the artifacts from the end of the workflow that works for me.

Not here:

@VerizonLover commented on GitHub (Sep 22, 2025): > [@jacksongoode](https://github.com/jacksongoode) it works! I just download the artifacts from the end of the workflow that works for me. Not here: <img width="1874" height="888" alt="Image" src="https://github.com/user-attachments/assets/50adbab0-6e24-44fd-896c-af48bac7e3a1" />

kerem commented

Author

Owner

@jezzermeii commented on GitHub (Sep 22, 2025):

For those following, please test out #694 (the artifacts can be found at the bottom here to download)

Please add comments in the PR comment section if anything isn't working. You may have to re-authenticate with the new binary.

Works for me, all fixed! Thank you so much!!!

@jezzermeii commented on GitHub (Sep 22, 2025): > For those following, please test out [#694](https://github.com/jpochyla/psst/pull/694) (the artifacts can be found [at the bottom here to download](https://github.com/jpochyla/psst/actions/runs/17897882898?pr=694)) > > Please add comments in the PR comment section if anything isn't working. You may have to re-authenticate with the new binary. Works for me, all fixed! Thank you so much!!!

kerem commented

Author

Owner

@Pogodaanton commented on GitHub (Sep 22, 2025):

@jacksongoode it works! I just download the artifacts from the end of the workflow that works for me.

Not here:

Try scrolling to the bottom of the page linked by jackson (see bottom of below screenshot as reference)

@Pogodaanton commented on GitHub (Sep 22, 2025): > > [@jacksongoode](https://github.com/jacksongoode) it works! I just download the artifacts from the end of the workflow that works for me. > > Not here: Try scrolling to the bottom of the page linked by jackson (see bottom of below screenshot as reference) <img width="1575" height="2012" alt="Image" src="https://github.com/user-attachments/assets/cdf4d234-5615-4e4f-a807-b2ac3bed45f3" />

kerem commented

Author

Owner

@jummo commented on GitHub (Sep 24, 2025):

I can use it for a few hours, then I receive a http status: 401 error and need to logout and login again.

Any idea how to make the login persistent?

@jummo commented on GitHub (Sep 24, 2025): I can use it for a few hours, then I receive a _http status: 401_ error and need to logout and login again. <img width="608" height="433" alt="Image" src="https://github.com/user-attachments/assets/4d35f46e-da06-474e-909a-c60064eddb73" /> Any idea how to make the login persistent?

kerem commented

Author

Owner

@jacksongoode commented on GitHub (Sep 24, 2025):

I think the latest build might resolve this? Please add comments on the PR linked above please :)

@jacksongoode commented on GitHub (Sep 24, 2025): I think the latest [build](https://github.com/jpochyla/psst/actions/runs/17954044878?pr=694) might resolve this? Please add comments on the PR linked above please :)

kerem commented

Author

Owner

@jezzermeii commented on GitHub (Sep 24, 2025):

I think the latest build might resolve this? Please add comments on the PR linked above please :)

I'm now met with this, with your latest build. It used to show playlists and spotify radio playlists, as well as my recent music. It just shows loading icons now.

UPDATE:

It seems rolling back to the previous build doesn't fix this, except you no longer see the loading icons on the old build (21/09).

@jezzermeii commented on GitHub (Sep 24, 2025): > I think the latest [build](https://github.com/jpochyla/psst/actions/runs/17954044878?pr=694) might resolve this? Please add comments on the PR linked above please :) I'm now met with this, with your latest build. It used to show playlists and spotify radio playlists, as well as my recent music. It just shows loading icons now. <img width="2560" height="1440" alt="Image" src="https://github.com/user-attachments/assets/f33d929e-90a8-4bee-a04e-a8890d8a4da4" /> UPDATE: It seems rolling back to the previous build doesn't fix this, except you no longer see the loading icons on the old build (21/09).

kerem commented

Author

Owner

@jummo commented on GitHub (Sep 25, 2025):

I think the latest build might resolve this? Please add comments on the PR linked above please :)

Thanks for your reply.
I'm using the sha256:9f4e9a2fc85cd17424dea34e9ea8cdfe4abdb0d0f790ead1b32e29080449fcc9 version and after 1-2 hours I receive Failed to refresh token message.

@jummo commented on GitHub (Sep 25, 2025): > I think the latest [build](https://github.com/jpochyla/psst/actions/runs/17954044878?pr=694) might resolve this? Please add comments on the PR linked above please :) Thanks for your reply. I'm using the sha256:9f4e9a2fc85cd17424dea34e9ea8cdfe4abdb0d0f790ead1b32e29080449fcc9 version and after 1-2 hours I receive _Failed to refresh token_ message. <img width="1860" height="1237" alt="Image" src="https://github.com/user-attachments/assets/faed27ed-2fea-4e8b-b1e2-d7152ed4b6ea" />

kerem commented

Author

Owner

@RensOliemans commented on GitHub (Sep 26, 2025):

We are willing to help you guys transition and help provide missing/better APIs to make that easier, if you decide to go that way. Personally I think it makes sense, anything to minimise wasted effort due to Spotify messing about sounds nice, but I can appreciate it might be a big job.

Agreed, it's a shame that so much time is spent on dealing with Spotify's changes. One way to improve this would be to use librespot as backend, but wouldn't another way be to use Spotify's web api / OAuth? What are/were the considerations for using login5/keymaster at librespot @kingosticks? See https://github.com/jpochyla/psst/pull/694#issuecomment-3336534786, I'm personally not familiar with the context to be able to make a decision either way.

@RensOliemans commented on GitHub (Sep 26, 2025): > We are willing to help you guys transition and help provide missing/better APIs to make that easier, if you decide to go that way. Personally I think it makes sense, anything to minimise wasted effort due to Spotify messing about sounds nice, but I can appreciate it might be a big job. Agreed, it's a shame that so much time is spent on dealing with Spotify's changes. One way to improve this would be to use librespot as backend, but wouldn't another way be to use Spotify's web api / OAuth? What are/were the considerations for using login5/keymaster at librespot @kingosticks? See https://github.com/jpochyla/psst/pull/694#issuecomment-3336534786, I'm personally not familiar with the context to be able to make a decision either way.

kerem commented

Author

Owner

@kingosticks commented on GitHub (Sep 26, 2025):

If you want to access the public Web APIs (as I think is the specific case here in this issue), you need an access token. This token is scoped and needs refreshing etc. You can get an access token via their official OAuth flow using your own (stupidly restricted) client ID, or using Spotify's desktop app client ID. I don't think the refresh tokens expire, so if you store those you should essentially have a persistent login over restarts and no need to OAuth again.

If you want to play music outside of a web browser, you need to use Spotify's private Hermes/Mercury API. This is what their desktop applications use. Auth for that used to support user/pass, now it doesn't. Instead, you can auth using a valid access token (see above), and from there obtain a "StoredCredential" blob, which doesn't expire so can be stored and used for future Hermes logins. After this point, with the blob obtained, there's no requirement to OAuth again. At this point we ditch the session and login again but using our StoredCredential (we found that a session obtained using an access token had restricted capabilities. I can't remember if we proved the session lasted beyond the token lifetime or not). Using this API, you used to be able to use the keymaster endpoint to go the other way, and obtain an access token from your Hermes session. But keymaster is now dead/changed. Instead, we use our StoredCredential blob (and Spotify's client ID and an spclient token etc) with the login5 endpoint to obtain an access+refresh token; we refresh it as required. It's all slightly different for the mobile platforms.

Does that provide the context to answer your question?

EDIT: I expanded on re-login using StoredCredential.

@kingosticks commented on GitHub (Sep 26, 2025): If you want to access the public Web APIs (as I think is the specific case here in this issue), you need an access token. This token is scoped and needs refreshing etc. You can get an access token via their official OAuth flow using your own (stupidly restricted) client ID, or using Spotify's desktop app client ID. I don't think the refresh tokens expire, so if you store those you should essentially have a persistent login over restarts and no need to OAuth again. If you want to play music outside of a web browser, you need to use Spotify's private Hermes/Mercury API. This is what their desktop applications use. Auth for that used to support user/pass, now it doesn't. Instead, you can auth using a valid access token (see above), and from there obtain a "StoredCredential" blob, which doesn't expire so can be stored and used for future Hermes logins. After this point, with the blob obtained, there's no requirement to OAuth again. At this point we ditch the session and login again but using our StoredCredential (we found that a session obtained using an access token had restricted capabilities. I can't remember if we proved the session lasted beyond the token lifetime or not). Using this API, you used to be able to use the keymaster endpoint to go the other way, and obtain an access token from your Hermes session. But keymaster is now dead/changed. Instead, we use our StoredCredential blob (and Spotify's client ID and an spclient token etc) with the login5 endpoint to obtain an access+refresh token; we refresh it as required. It's all slightly different for the mobile platforms. Does that provide the context to answer your question? EDIT: I expanded on re-login using StoredCredential.

kerem commented

Author

Owner

@Pogodaanton commented on GitHub (Sep 29, 2025):

Thank you for the thorough explanation @kingosticks ! It helped me better understand what role login5 plays in the whole process.
I've tried to piece together the parts in the psst code base that reenact the auth flow described by you to better understand why my login5 port works. I thought I'd share it for the curious ones.

You can get an access token via their official OAuth flow

psst-gui/src/ui/preferences.rs:565
The typical OAuth with callback ordeal.

use Spotify's private Hermes/Mercury API [...] auth using a valid access token [...] from there obtain a "StoredCredential" blob

psst-gui/src/ui/preferences.rs:590
psst-core/src/connection/mod.rs:270
Transport::authenticate(..) connects to Mercury with the access token acquired over OAuth and receives new credentials, which are in turn saved into the config/to disk. Given the credential type returned by Mercury is 1, it's the "StoredCredential" blob we sought after.

Note that after this procedure, the access token from the above OAuth flow is thrown away because we can get new ones with Keymaster/login5. (I assume that's what "we ditch the session and login again but using our StoredCredential" means)

Using this API, you used to be able to use the keymaster endpoint [...] and obtain an access token

psst-core/src/session/access_token.rs:35
This is what psst used to do as well and which is why this issue exists. Using keymaster to obtain new access tokens came at no cost so to say, as all it did was ask Mercury, to which we have already established an authenticated connection as seen above.

Instead, we use our StoredCredential blob (and Spotify's client ID and an spclient token etc) with the login5 endpoint to obtain an access+refresh token

Adding login5 to psst means we need new code for retrieving an spclient token and for using the login5 endpoint. However, we already have the right data (StoredCredential, Client ID) to plug into both.

@Pogodaanton commented on GitHub (Sep 29, 2025): Thank you for the thorough explanation @kingosticks ! It helped me better understand what role login5 plays in the whole process. I've tried to piece together the parts in the psst code base that reenact the auth flow described by you to better understand why my [login5 port](https://github.com/jpochyla/psst/pull/693) works. I thought I'd share it for the curious ones. > You can get an access token via their official OAuth flow `psst-gui/src/ui/preferences.rs:565` The typical OAuth with callback ordeal. > use Spotify's private Hermes/Mercury API [...] auth using a valid access token [...] from there obtain a "StoredCredential" blob `psst-gui/src/ui/preferences.rs:590` `psst-core/src/connection/mod.rs:270` `Transport::authenticate(..)` connects to Mercury with the access token acquired over OAuth and receives new credentials, which are in turn saved into the config/to disk. Given the credential type returned by Mercury is `1`, it's the "StoredCredential" blob we sought after. Note that after this procedure, the access token from the above OAuth flow is thrown away because we can get new ones with Keymaster/login5. (I assume that's what "we ditch the session and login again but using our StoredCredential" means) > Using this API, you used to be able to use the keymaster endpoint [...] and obtain an access token `psst-core/src/session/access_token.rs:35` This is what psst used to do as well and which is why this issue exists. Using keymaster to obtain new access tokens came at no cost so to say, as all it did was ask Mercury, to which we have already established an authenticated connection as seen above. > Instead, we use our StoredCredential blob (and Spotify's client ID and an spclient token etc) with the login5 endpoint to obtain an access+refresh token Adding login5 to psst means we need new code for retrieving an spclient token and for using the login5 endpoint. However, we already have the right data (StoredCredential, Client ID) to plug into both.

kerem commented

Author

Owner

@kingosticks commented on GitHub (Sep 29, 2025):

Note that after this procedure, the access token from the above OAuth flow is thrown away because we can get new ones with Keymaster/login5. (I assume that's what "we ditch the session and login again but using our StoredCredential" means)

I was trying to say that we disconnect/destroy the original access-token-based session. We then create a new session using the newly acquired StoredCredential and do a fresh login using that. I wasn't sure if psst did that or not.

@kingosticks commented on GitHub (Sep 29, 2025): > Note that after this procedure, the access token from the above OAuth flow is thrown away because we can get new ones with Keymaster/login5. (I assume that's what "we ditch the session and login again but using our StoredCredential" means) I was trying to say that we disconnect/destroy the original access-token-based session. We then create a new session using the newly acquired StoredCredential and do a fresh login using that. I wasn't sure if psst did that or not.

kerem commented

Author

Owner

@ferivoq commented on GitHub (Oct 5, 2025):

has their been any progress to this?

@ferivoq commented on GitHub (Oct 5, 2025): has their been any progress to this?

kerem commented

Author

Owner

@ewancg commented on GitHub (Oct 6, 2025):

The auth-login-fix branch provides functional streaming for now. seems like they have yet to crack the auto token refresh, so when the token expires, you will have to log out & back in

@ewancg commented on GitHub (Oct 6, 2025): The [auth-login-fix](https://github.com/jpochyla/psst/tree/auth-login-fix) branch provides functional streaming for now. seems like they have yet to crack the auto token refresh, so when the token expires, you will have to log out & back in

kerem commented

Author

Owner

@jacksongoode commented on GitHub (Nov 17, 2025):

For those of your subscribed to this thread, a recent commit #693 has resolved this, please update and logout/login. Major thanks to @Pogodaanton for the fix!

@jacksongoode commented on GitHub (Nov 17, 2025): For those of your subscribed to this thread, a recent commit #693 has resolved this, please update and logout/login. Major thanks to @Pogodaanton for the fix!

kerem commented