[GH-ISSUE #781] Missing Authorization header in browser.json causes wrong AuthType detection (OAUTH_CUSTOM_CLIENT instead of BROWSER) #497

New issue

Closed

opened 2026-02-27 23:01:07 +03:00 by kerem · 12 comments

kerem commented 2026-02-27 23:01:07 +03:00

Owner

Copy link

Originally created by @Serelue on GitHub (Jun 29, 2025).
Original GitHub issue: https://github.com/sigma67/ytmusicapi/issues/781

• I confirm that I have read the FAQ

Describe the bug

Hello, I manually created browser.json following the guide (https://ytmusicapi.readthedocs.io/en/stable/setup/browser.html#manual-file-creation)

However, ytmusicapi recognizes this file as AuthType.OAUTH_CUSTOM_CLIENT instead of AuthType.BROWSER, which causes an error.

Traceback (most recent call last):
  File "D:\dev\dev6.py", line 4, in <module>
    ytmusic = YTMusic("./browser.json")
  File "D:\dev\.venv\lib\site-packages\ytmusicapi\ytmusic.py", line 105, in __init__
    raise YTMusicUserError(
ytmusicapi.exceptions.YTMusicUserError: oauth JSON provided via auth argument, but oauth_credentials not provided.Please provide oauth_credentials as specified in the OAuth setup documentation.

I've written the solution below, but I'm not sure if this is a documentation issue or a code issue, so I'm posting this as a bug.

ytmusicapi version

1.10.3

To Reproduce

from ytmusicapi import YTMusic

ytmusic = YTMusic("./browser.json")
print(ytmusic.search("Never Gonna Give You Up"))

Additional context

browser.json file I used in my first attempt was:

{
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36",
    "Accept": "*/*",
    "Accept-Language": "en-US,en;q=0.5",
    "Content-Type": "application/json",
    "X-Goog-AuthUser": "0",
    "x-origin": "https://music.youtube.com",
    "Cookie" : "<COOKIE>"
}

I was looking for where the error occurs and I found the determine_auth_type func.

# ytmusicapi.auth.auth_parse.py
# line 34
def determine_auth_type(auth_headers: CaseInsensitiveDict) -> AuthType:
    """
    Determine the type of auth based on auth headers.

    :param auth_headers: auth headers dict
    :return: AuthType enum
    """
    auth_type = AuthType.OAUTH_CUSTOM_CLIENT
    if OAuthToken.is_oauth(auth_headers):
        auth_type = AuthType.OAUTH_CUSTOM_CLIENT

    if authorization := auth_headers.get("authorization"):
        if "SAPISIDHASH" in authorization:
            auth_type = AuthType.BROWSER
        elif authorization.startswith("Bearer"):
            auth_type = AuthType.OAUTH_CUSTOM_FULL

    return auth_type

I suspected that the issue was caused by browser.json(self._auth_headers, auth_headers) failing to find the Authorization header

because this header was displayed in the browser request.

Authorization header (on browser)
SAPISIDHASH asdfasdfasdfasdf SAPISID1PHASH asdfasdfasdfasdf SAPISID3PHASH asdfasdfasdfasdf

I changed browser.json like this, and it works,

{
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36",
    "Accept": "*/*",
    "Authorization": "SAPISIDHASH asdfasdfasdfasdf SAPISID1PHASH asdfasdfasdfasdf SAPISID3PHASH asdfasdfasdfasdf",
    "Accept-Language": "en-US,en;q=0.5",
    "Content-Type": "application/json",
    "X-Goog-AuthUser": "0",
    "x-origin": "https://music.youtube.com",
    "Cookie" : "<COOKIE>"
}

https://ytmusicapi.readthedocs.io/en/stable/setup/browser.html#manual-file-creation

There was nothing about Authorization header in the documentation. (or maybe it's my mistake)

Originally created by @Serelue on GitHub (Jun 29, 2025). Original GitHub issue: https://github.com/sigma67/ytmusicapi/issues/781 - [x] I confirm that I have read the [FAQ](https://ytmusicapi.readthedocs.io/en/stable/faq.html#why-is-ytmusicapi-returning-more-results-than-requested-with-the-limit-parameter) **Describe the bug** Hello, I manually created browser.json following the guide (https://ytmusicapi.readthedocs.io/en/stable/setup/browser.html#manual-file-creation) However, ytmusicapi recognizes this file as AuthType.OAUTH_CUSTOM_CLIENT instead of AuthType.BROWSER, which causes an error. ```bash Traceback (most recent call last): File "D:\dev\dev6.py", line 4, in <module> ytmusic = YTMusic("./browser.json") File "D:\dev\.venv\lib\site-packages\ytmusicapi\ytmusic.py", line 105, in __init__ raise YTMusicUserError( ytmusicapi.exceptions.YTMusicUserError: oauth JSON provided via auth argument, but oauth_credentials not provided.Please provide oauth_credentials as specified in the OAuth setup documentation. ``` I've written the solution below, but I'm not sure if this is a documentation issue or a code issue, so I'm posting this as a bug. **ytmusicapi version** 1.10.3 **To Reproduce** ```python from ytmusicapi import YTMusic ytmusic = YTMusic("./browser.json") print(ytmusic.search("Never Gonna Give You Up")) ``` **Additional context** browser.json file I used in my first attempt was: ```json { "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36", "Accept": "*/*", "Accept-Language": "en-US,en;q=0.5", "Content-Type": "application/json", "X-Goog-AuthUser": "0", "x-origin": "https://music.youtube.com", "Cookie" : "<COOKIE>" } ``` I was looking for where the error occurs and I found the determine_auth_type func. ```python # ytmusicapi.auth.auth_parse.py # line 34 def determine_auth_type(auth_headers: CaseInsensitiveDict) -> AuthType: """ Determine the type of auth based on auth headers. :param auth_headers: auth headers dict :return: AuthType enum """ auth_type = AuthType.OAUTH_CUSTOM_CLIENT if OAuthToken.is_oauth(auth_headers): auth_type = AuthType.OAUTH_CUSTOM_CLIENT if authorization := auth_headers.get("authorization"): if "SAPISIDHASH" in authorization: auth_type = AuthType.BROWSER elif authorization.startswith("Bearer"): auth_type = AuthType.OAUTH_CUSTOM_FULL return auth_type ``` I suspected that the issue was caused by browser.json(self._auth_headers, auth_headers) failing to find the Authorization header because this header was displayed in the browser request. ```plain Authorization header (on browser) SAPISIDHASH asdfasdfasdfasdf SAPISID1PHASH asdfasdfasdfasdf SAPISID3PHASH asdfasdfasdfasdf ``` I changed browser.json like this, and it works, ```json { "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36", "Accept": "*/*", "Authorization": "SAPISIDHASH asdfasdfasdfasdf SAPISID1PHASH asdfasdfasdfasdf SAPISID3PHASH asdfasdfasdfasdf", "Accept-Language": "en-US,en;q=0.5", "Content-Type": "application/json", "X-Goog-AuthUser": "0", "x-origin": "https://music.youtube.com", "Cookie" : "<COOKIE>" } ``` https://ytmusicapi.readthedocs.io/en/stable/setup/browser.html#manual-file-creation There was nothing about Authorization header in the documentation. (or maybe it's my mistake)

kerem 2026-02-27 23:01:07 +03:00

• closed this issue
• added the
  bug
  documentation
  labels

kerem commented 2026-02-27 23:01:08 +03:00

Author

Owner

Copy link

@sigma67 commented on GitHub (Aug 30, 2025):

How did you create browser.json ? I don't think the example in the docs is up to date and complete, therefore I recommend to use the CLI.

<!-- gh-comment-id:3239501612 --> @sigma67 commented on GitHub (Aug 30, 2025): How did you create browser.json ? I don't think the example in the docs is up to date and complete, therefore I recommend to use the CLI.

kerem commented 2026-02-27 23:01:08 +03:00

Author

Owner

Copy link

@Serelue commented on GitHub (Aug 31, 2025):

How did you create browser.json ? I don't think the example in the docs is up to date and complete, therefore I recommend to use the CLI.

I don't remember exactly, but for some reason there was a problem with the CLI, so I created it manually.

<!-- gh-comment-id:3239639060 --> @Serelue commented on GitHub (Aug 31, 2025): > How did you create browser.json ? I don't think the example in the docs is up to date and complete, therefore I recommend to use the CLI. I don't remember exactly, but for some reason there was a problem with the CLI, so I created it manually.

kerem commented 2026-02-27 23:01:08 +03:00

Author

Owner

Copy link

@CodinMoldovanu commented on GitHub (Sep 8, 2025):

I've run into this as well, even when using the ytmusicapi browser option, it doesn't ouput an Authorization field.

<!-- gh-comment-id:3268136998 --> @CodinMoldovanu commented on GitHub (Sep 8, 2025): I've run into this as well, even when using the `ytmusicapi browser` option, it doesn't ouput an Authorization field.

kerem commented 2026-02-27 23:01:08 +03:00

Author

Owner

Copy link

@sigma67 commented on GitHub (Sep 9, 2025):

Having a closer look at this it seems the format has changed: https://stackoverflow.com/questions/79378674/figuring-out-google-hashing-algorithm-for-sapisidhash-used-on-youtube-subscribe

<!-- gh-comment-id:3269106047 --> @sigma67 commented on GitHub (Sep 9, 2025): Having a closer look at this it seems the format has changed: https://stackoverflow.com/questions/79378674/figuring-out-google-hashing-algorithm-for-sapisidhash-used-on-youtube-subscribe

kerem commented 2026-02-27 23:01:08 +03:00

Author

Owner

Copy link

@joshhubert-dsp commented on GitHub (Sep 10, 2025):

Yeah it looks like auth/browser.py doesn't correctly handle the current format for copied headers from Chrome. To be clear, the only thing missing from the minimal manual example in the docs is the "Authorization" field, so probably worth just telling Chrome users to use that.

<!-- gh-comment-id:3273408035 --> @joshhubert-dsp commented on GitHub (Sep 10, 2025): Yeah it looks like `auth/browser.py` doesn't correctly handle the current format for copied headers from Chrome. To be clear, the only thing missing from the minimal manual example in the docs is the "Authorization" field, so probably worth just telling Chrome users to use that.

kerem commented 2026-02-27 23:01:08 +03:00

Author

Owner

Copy link

@sigma67 commented on GitHub (Sep 10, 2025):

I would be in favor of fixing the issue additionally. What is going wrong for Chrome?

<!-- gh-comment-id:3273461568 --> @sigma67 commented on GitHub (Sep 10, 2025): I would be in favor of fixing the issue additionally. What is going wrong for Chrome?

kerem commented 2026-02-27 23:01:08 +03:00

Author

Owner

Copy link

@joshhubert-dsp commented on GitHub (Sep 10, 2025):

When directly copying the header from dev tools starting from "accept", there are no key/value delimiters, everything's just on its own line like:

accept
*/*
accept-encoding
gzip, deflate, br, zstd
accept-language
en-US,en;q=0.9
authorization
SAPISIDHASH ... SAPISID1PHASH ... SAPISID3PHASH ...
...

and that's not being handled properly. The function does header = content.split(": ") for each line, and for me at least ": " doesn't appear in the text.

So I end up with:

  File "ytmusicapi/auth/browser.py", line 51, in setup_browser
    raise YTMusicUserError(
ytmusicapi.exceptions.YTMusicUserError: The following entries are missing in your headers: cookie, x-goog-authuser. Please try a different request (such as /browse) and make sure you are logged in.

<!-- gh-comment-id:3273505995 --> @joshhubert-dsp commented on GitHub (Sep 10, 2025): When directly copying the header from dev tools starting from "accept", there are no key/value delimiters, everything's just on its own line like: ``` accept */* accept-encoding gzip, deflate, br, zstd accept-language en-US,en;q=0.9 authorization SAPISIDHASH ... SAPISID1PHASH ... SAPISID3PHASH ... ... ``` and that's not being handled properly. The function does `header = content.split(": ")` for each line, and for me at least ": " doesn't appear in the text. So I end up with: ``` File "ytmusicapi/auth/browser.py", line 51, in setup_browser raise YTMusicUserError( ytmusicapi.exceptions.YTMusicUserError: The following entries are missing in your headers: cookie, x-goog-authuser. Please try a different request (such as /browse) and make sure you are logged in. ```

kerem commented 2026-02-27 23:01:08 +03:00

Author

Owner

Copy link

@srajangarg commented on GitHub (Sep 19, 2025):

yeah, somehow chrome changed this recently. no longer has the : delimiters. for now, i just manually added them myself, but it sucks to do that

<!-- gh-comment-id:3312978642 --> @srajangarg commented on GitHub (Sep 19, 2025): yeah, somehow chrome changed this recently. no longer has the `:` delimiters. for now, i just manually added them myself, but it sucks to do that

kerem commented 2026-02-27 23:01:08 +03:00

Author

Owner

Copy link

@joshhubert-dsp commented on GitHub (Sep 20, 2025):

Ohhh, I totally missed the "Raw" checkbox at the top of the headers section in Chrome dev tools. That adds back the delimiters and solves the problem.

<!-- gh-comment-id:3314624122 --> @joshhubert-dsp commented on GitHub (Sep 20, 2025): Ohhh, I totally missed the "Raw" checkbox at the top of the headers section in Chrome dev tools. That adds back the delimiters and solves the problem.

kerem commented 2026-02-27 23:01:08 +03:00

Author

Owner

Copy link

@sigma67 commented on GitHub (Oct 21, 2025):

The checkbox is missing for HTTP2 requests so that's not a solution. Unfortunately there is no way around this (uncalled for) change by Chrome. So I'm tempted to just remove the Chrome part from the documentation and require to use Firefox.

<!-- gh-comment-id:3429170301 --> @sigma67 commented on GitHub (Oct 21, 2025): The checkbox is missing for HTTP2 requests so that's not a solution. Unfortunately there is no way around this (uncalled for) change by Chrome. So I'm tempted to just remove the Chrome part from the documentation and require to use Firefox.

kerem commented 2026-02-27 23:01:08 +03:00

Author

Owner

Copy link

@blahster commented on GitHub (Nov 27, 2025):

Chrome instructions are now updated.
Essentially, you can use “Copy as fetch (Node.js)” instead to copy headers and clean it up a bit to include only the necessary fields.

<!-- gh-comment-id:3583955466 --> @blahster commented on GitHub (Nov 27, 2025): [Chrome instructions](https://ytmusicapi.readthedocs.io/en/stable/setup/browser.html) are now updated. Essentially, you can use “Copy as fetch (Node.js)” instead to copy headers and clean it up a bit to include only the necessary fields.

kerem commented 2026-02-27 23:01:08 +03:00

Author

Owner

Copy link

@sigma67 commented on GitHub (Nov 27, 2025):

https://github.com/sigma67/ytmusicapi/pull/833

thanks @blahster

<!-- gh-comment-id:3585177815 --> @sigma67 commented on GitHub (Nov 27, 2025): https://github.com/sigma67/ytmusicapi/pull/833 thanks @blahster

kerem referenced this issue 2026-02-27 23:02:03 +03:00

[PR #678] [MERGED] search: adds functionality to remove search suggestion #699

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

fix-yt-dlp-link

restore-codecov-cat

unify-coverage-workflow

sigma67-security-md

rewrite-workflow

dep/update-pdm-lock

remove-2025-explore-test

get-explore-fix-top-episodes-duration

update-linters

fix-ci-pipeline

fix-827

remove-oauth-account-tests

fix-tests

fix-799

fix-remaining-tests

v2

niquests

3-10-typed

fix-758

fix-743

fix-734-continuations

add-oauthcredentials-import-doc

ytmusic-auth-refactor

fix-720

fix-721

fix-713

fix-703

add-test-analytics

update-oauth-docs

feat-670

heinrich26-patch-1

fix-675

fix-get-history

fix-648

fix-641

refactor-use-pathlib

fix-647

fix-642

fix-640

fix-633

feat-628

fix-625

models

introduce-exception-classes

improve-coverage

pytest-retry

fix-588

fix-587

fix-582

fix-569

fix-get-playlist-562

get-artist-shows

get-podcast-playlist

fix-get-album-544

library-podcasts

get-episode-progress

fix-548

brand-account-setup

album-data-mining

jcbirdwell-album-data-mining

album-data-mining-fixes

get-podcast

artist-albums-continuations

1.11.5

1.11.4

1.11.3

1.11.2

1.11.1

1.11.0

1.11.0rc1

1.10.3

1.10.2

1.10.1

1.10.0

1.9.1

1.9.0

1.8.2

1.8.1

1.8.0

1.7.5

1.7.4

1.7.3

1.7.2

1.7.1

1.7.0

1.6.0

1.5.4

1.5.3

1.5.2

1.5.1

1.5.0

1.4.2

1.4.1

1.4.0

1.3.2

1.3.1

1.3.0

1.2.1

1.2.0

1.1.1

1.1.0

1.0.2

1.0.1

1.0.0

0.25.2

0.25.1

0.25.0

0.24.1

0.24.0

0.23.0

0.22.0

0.21.0

0.20.0

0.19.5

0.19.4

0.19.3

0.19.2

0.19.1

0.19.0

0.18.0

0.17.3

0.17.2

0.17.1

0.17.0

0.16.0

0.15.1

0.15.0

0.14.3

0.14.2

0.14.1

0.14.0

0.13.1

0.13.0

0.12.2

0.12.1

0.12.0

0.11.0

0.10.2

0.10.1

0.10.0

0.9.2

0.9.1

0.9.0

0.8.1

0.8.0

0.7.1

0.7.0

0.6.1

0.6.0

0.5.2

0.5.1

0.5.0

0.4.3

0.4.2

8cc1986

0.4.1

1ac614e

Labels

Clear labels   

a/b

  

bug

  

documentation

  

enhancement

  

good first issue

  

help wanted

  

invalid

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

wontfix

  

yt-error

  

yt-update

No labels

a/b

bug

documentation

enhancement

good first issue

help wanted

invalid

pull-request

question

wontfix

yt-error

yt-update

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/ytmusicapi#497

No description provided.