[GH-ISSUE #28] TOTP_VER Issue #17

Closed
opened 2026-02-27 20:07:42 +03:00 by kerem · 3 comments

Originally created by @tomballgithub on GitHub (Dec 26, 2025).
Original GitHub issue: https://github.com/misiektoja/spotify_monitor/issues/28

I noticed this before the recent update.

I added the print statement to generate_totp():

```
def generate_totp():
    import pyotp

    ver = TOTP_VER or max(map(int, SECRET_CIPHER_DICT))
    print(f"- totp_ver: {ver}")
```

And noticed there are multiple runs of generate_totp() with the wrong TOTP_VER (before it is loaded from URL/File):

```
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────
- totp_ver: 6
- totp_ver: 6
- totp_ver: 6
Fetching Spotify web-player TOTP secrets from URL: XXX
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────
- totp_ver: 61
```
kerem closed this issue 2026-02-27 20:07:42 +03:00

@tomballgithub commented on GitHub (Dec 26, 2025):

It does it 3 times because that is the # of retries on failure.

If I put the latest SECRET_CIPHER_DICT into the .conf file, it works the first time and doesn't try to load from the URL:

```
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────
- totp_ver: 61
```

@tomballgithub commented on GitHub (Dec 26, 2025):

Code currently only does fetch_and_update_secrets() if the SECRET_CIPHER_DICT within the .conf doesn't work and fails max_retries times.

Is there any case where you'd want to use the one in the .conf if SECRET_CIPHER_DICT_URL is specified? I think SECRET_CIPHER_DICT_URL should override what's in the .conf starting from the first TOTP attempt


@misiektoja commented on GitHub (Dec 27, 2025):

It was done like that by design. The idea was to put the TOTP secret in `SECRET_CIPHER_DICT_URL` and avoid redownloading it if the user decides so. However, because we had an old value there, it was tried three times, which obviously did not make any sense. I simply set the `SECRET_CIPHER_DICT_URL` to an empty one now, so it always gets the fresh one, even though it appears Spotify stopped rotating the secrets every few days.

In your case just set `SECRET_CIPHER_DICT = { }` in your `spotify_monitor.conf` file.
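
A small model of the loading orders discussed in this thread, added here as an example and not taken from spotify_monitor or written by any participant. It compares a stale `.conf` dictionary, the proposed URL-first override and the empty-dictionary workaround; `pick_version`, `run`, `MAX_RETRIES`, the dictionary contents and the simulated "accepted version" are all assumptions made for illustration.

```python
# Added model of the behaviour described in this issue; not the project's code.
# Function names, MAX_RETRIES and all sample values are hypothetical/constructed.

MAX_RETRIES = 3  # the thread reports three attempts before the URL is fetched


def pick_version(totp_ver, cipher_dict):
    """Same selection expression as the snippet quoted in the issue."""
    return totp_ver or max(map(int, cipher_dict))


def run(conf_dict, remote_dict, accepted_ver, url_first=False, totp_ver=0):
    """Return the list of versions tried until one is accepted.

    conf_dict    -- constructed stand-in for SECRET_CIPHER_DICT in the .conf
    remote_dict  -- constructed stand-in for the dictionary served at the URL
    accepted_ver -- the version the simulated server currently accepts
    url_first    -- True models the override proposed in the thread
    """
    tried = []
    active = dict(remote_dict) if url_first else dict(conf_dict)
    fetched = url_first
    while True:
        if active:  # an empty dict skips straight to the fetch
            for _ in range(MAX_RETRIES):
                ver = pick_version(totp_ver, active)
                tried.append(ver)
                if ver == accepted_ver:
                    return tried
        if fetched:
            raise RuntimeError(f"no accepted version after trying {tried}")
        active, fetched = dict(remote_dict), True  # fall back to the URL copy


if __name__ == "__main__":
    stale, fresh = {"6": [0]}, {"61": [0]}  # constructed placeholder entries
    print("stale .conf :", run(stale, fresh, 61))
    print("URL first   :", run(stale, fresh, 61, url_first=True))
    print("empty .conf :", run({}, fresh, 61))
```
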
