[GH-ISSUE #32] TOTP VER = 0 incorrect in URLs #21

New issue

Closed

opened 2026-02-27 20:07:43 +03:00 by kerem · 2 comments

kerem commented

2026-02-27 20:07:43 +03:00

Owner

Originally created by @tomballgithub on GitHub (Dec 26, 2025).
Original GitHub issue: https://github.com/misiektoja/spotify_monitor/issues/32

This is independent of the other issue I reported with TOTP_VER being 6 until loaded from URL/File.

These URLs are being used as a GET, but they include totpVer=0. However, the Spotify web client uses totpVer=61, which seems like the correct thing to do, even though this does still eventually work.

- https://open.spotify.com/api/token?reason=transport&productType=web-player&totp=142367&totpServer=142367&totpVer=0&sTime=1766727602&cTime=1766727602304&buildDate=2025-12-26&buildVer=web-player_2025-12-26_1766727602000_bd1eb8e2
- https://open.spotify.com/api/token?reason=init&productType=web-player&totp=664441&totpServer=664441&totpVer=0&sTime=1766727600&cTime=1766727600167&buildDate=2025-12-26&buildVer=web-player_2025-12-26_1766727600000_9b3ec060

Originally created by @tomballgithub on GitHub (Dec 26, 2025). Original GitHub issue: https://github.com/misiektoja/spotify_monitor/issues/32 This is independent of the other issue I reported with TOTP_VER being 6 until loaded from URL/File. These URLs are being used as a GET, but they include totpVer=0. However, the Spotify web client uses totpVer=61, which seems like the correct thing to do, even though this does still eventually work. ``` - https://open.spotify.com/api/token?reason=transport&productType=web-player&totp=142367&totpServer=142367&totpVer=0&sTime=1766727602&cTime=1766727602304&buildDate=2025-12-26&buildVer=web-player_2025-12-26_1766727602000_bd1eb8e2 - https://open.spotify.com/api/token?reason=init&productType=web-player&totp=664441&totpServer=664441&totpVer=0&sTime=1766727600&cTime=1766727600167&buildDate=2025-12-26&buildVer=web-player_2025-12-26_1766727600000_9b3ec060 ```

kerem closed this issue

2026-02-27 20:07:44 +03:00

kerem commented

2026-02-27 20:07:44 +03:00

Author

Owner

@tomballgithub commented on GitHub (Dec 26, 2025):

in generate_totp, need to save 'ver' to a global variable so that it can be used in refresh_access_token_from_sp_dc() instead of TOP_VER:

example using MAX_VER within refresh_access_token_from_sp_dc():

    params = {
        "reason": "transport",
        "productType": "web-player",
        "totp": otp_value,
        "totpServer": otp_value,
        "totpVer": MAX_VER,
    }

    if MAX_VER < 10:
        params.update({
            "sTime": server_time,
            "cTime": client_time,
            "buildDate": time.strftime("%Y-%m-%d", time.gmtime(server_time)),
            "buildVer": f"web-player_{time.strftime('%Y-%m-%d', time.gmtime(server_time))}_{server_time * 1000}_{secrets.token_hex(4)}",
        })

@tomballgithub commented on GitHub (Dec 26, 2025): in generate_totp, need to save 'ver' to a global variable so that it can be used in refresh_access_token_from_sp_dc() instead of TOP_VER: example using MAX_VER within refresh_access_token_from_sp_dc(): ``` params = { "reason": "transport", "productType": "web-player", "totp": otp_value, "totpServer": otp_value, "totpVer": MAX_VER, } if MAX_VER < 10: params.update({ "sTime": server_time, "cTime": client_time, "buildDate": time.strftime("%Y-%m-%d", time.gmtime(server_time)), "buildVer": f"web-player_{time.strftime('%Y-%m-%d', time.gmtime(server_time))}_{server_time * 1000}_{secrets.token_hex(4)}", }) ```

kerem commented

2026-02-27 20:07:44 +03:00

Author

Owner

@misiektoja commented on GitHub (Dec 27, 2025):

Lol, it seems Spotify is being super generous and just ignoring this field. Anyway, I totally missed that bug!

@misiektoja commented on GitHub (Dec 27, 2025): Lol, it seems Spotify is being super generous and just ignoring this field. Anyway, I totally missed that bug!

kerem referenced this issue

2026-02-27 20:07:48 +03:00

[PR #21] [MERGED] Fix incorrect comment #32