pixivpy: auth() failed

pixivpy3.utils.PixivError: [ERROR] auth() failed! check username and password.
HTTP 400: {"has_error":true,"errors":{"system":{"message":"access_denied","code":1508}}}

换账号login也是同样错误，同设备网页可以登录。

About this issue

Original URL
State: closed
Created 5 years ago
Comments: 18 (4 by maintainers)

Links to this issue

pixivpy3 · PyPI

Commits related to this issue

Merge pull request #84 from DaRealFreak/fix/pixiv-auth fix oauth token request for pixiv, fixes #83 — committed to upbit/pixivpy by upbit 5 years ago
Fix login error. Thanks for https://github.com/upbit/pixivpy/issues/83 — committed to bebound/pixivd by bebound 5 years ago
Fix pixiv header https://github.com/upbit/pixivpy/issues/83 — committed to wxt2005/image-capture-bot-go by wxt2005 5 years ago
fix: login error, missing client time/hash header thanks to https://github.com/upbit/pixivpy/issues/83#issuecomment-527163914 — committed to everpcpc/pixiv by everpcpc 4 years ago

Most upvoted comments

updated my previous reply: X-Client-Time and X-Client-Hash header are now required and validated serverside. X-Client-Time is an RFC3339 converted timestamp X-Client-Hash consists of: md5([X-Client-Time]28c1fdd170a5204386cb1313c7077b34f83e4aaf4aa829ce78c231e05b0bae2c) so f.e. with X-Client-Time: 2019-09-02T20:51:57+02:00 the X-Client-Hash is: md5(2019-09-02T20:51:57+02:0028c1fdd170a5204386cb1313c7077b34f83e4aaf4aa829ce78c231e05b0bae2c) –> 5bb0b1ec0b6e1a86d7dc18dbea2c80bf

the Authentication works with these headers now again

+16

DaRealFreak on Sep 2, 2019

Also not seeing any differences so far, just digging through the app what might have changed (Android pixiv 5.0.156):

PixivOAuthResponse mo21264b(@C6444c(mo24824a = "client_id") String str, @C6444c(mo24824a = "client_secret") String str2, @C6444c(mo24824a = "grant_type") String str3, @C6444c(mo24824a = "username") String str4, @C6444c(mo24824a = "password") String str5, @C6444c(mo24824a = "device_token") String str6, @C6444c(mo24824a = "get_secure_url") boolean z, @C6444c(mo24824a = "include_policy") boolean z2);

client_id string client_secret string grant_type string username string password string device_token string get_secure_url boolean include_policy boolean

no changes in the request parameters

PixivOAuthResponse b = C4402h.m13992a().mo21264b("MOBrBDS8blbauoSck0ZfDbtuzpyT", "lsACyCD94FhDUtGTXi3QzcFE2uU1hqtDaKeqrdwj", "password", str2, password, C3841g.m12695a(), true, true);

client_id -> MOBrBDS8blbauoSck0ZfDbtuzpyT client_secret -> lsACyCD94FhDUtGTXi3QzcFE2uU1hqtDaKeqrdwj grant_type -> password username -> [user] password -> [password] device_token -> [token (differs from device to device)] get_secure_url -> true include_policy -> true

client ID and client secret and other values are still the same too

String str = "https://oauth.secure.pixiv.net";
...
@C6456o(mo24836a = "/auth/token")

OAuth2 URL -> https://oauth.secure.pixiv.net/auth/token

authentication URL still the same too

String format = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZZZZZ", Locale.US).format(new Date());
StringBuilder sb = new StringBuilder();
sb.append(format);
sb.append("28c1fdd170a5204386cb1313c7077b34f83e4aaf4aa829ce78c231e05b0bae2c");
String str2 = "Accept-Language";
String str3 = "App-OS-Version";
Request build = chain.request().newBuilder().addHeader(C3376a.HEADER_USER_AGENT, C4396d.f15045a).addHeader("Content-Type", "application/x-www-form-urlencoded;charset=UTF-8").addHeader(str2, Locale.getDefault().toString()).addHeader("App-OS", C3376a.ANDROID_CLIENT_TYPE).addHeader(str3, VERSION.RELEASE).addHeader("App-Version", "5.0.156").addHeader("X-Client-Time", format).addHeader("X-Client-Hash", C5942ab.m17017a(sb.toString())).build();

Headers: User-Agent -> PixivAndroidApp/%s (Android %s; %s) [VERSION.RELEASE, C5384a.m15939a(Build.MODEL)] Content-Type -> application/x-www-form-urlencoded;charset=UTF-8 Accept-Language -> Locale.getDefault().toString() -> [en_US,…] App-OS -> android App-Version -> 5.0.156 App-OS-Version -> 9.0.16 X-Client-Time -> new SimpleDateFormat(“yyyy-MM-dd’T’HH:mm:ssZZZZZ”, Locale.US).format(new Date()); X-Client-Hash -> md5([X-Client-Time]28c1fdd170a5204386cb1313c7077b34f83e4aaf4aa829ce78c231e05b0bae2c)

X-Client-Hash is now getting validated serverside, has to match the passed md5(X-Client-Time+28c1fdd170a5204386cb1313c7077b34f83e4aaf4aa829ce78c231e05b0bae2c)

possible referer:

 return new C1605g(str, (C1606h) new C1610a().mo5828a(C3376a.HEADER_USER_AGENT, C4396d.f15045a).mo5828a("Referer", "https://app-api.pixiv.net/").mo5829a());

also the same

ok works again with this:

print(s.post(
    'https://oauth.secure.pixiv.net/auth/token',
    data={
        "client_id": "MOBrBDS8blbauoSck0ZfDbtuzpyT",
        "client_secret": "lsACyCD94FhDUtGTXi3QzcFE2uU1hqtDaKeqrdwj",
        "grant_type": "password",
        "username": "username",
        "password": "password",
        "device_token": "pixiv",
        "get_secure_url": "true",
        "include_policy": "true",
    },
    headers={
        'host': 'oauth.secure.pixiv.net',
        "user-agent": "PixivAndroidApp/5.0.156 (Android 9; ONEPLUS A6013)",
        "accept-language": "en_US",
        "app-os": "android",
        "app-os-version": "5.0.156",
        "x-client-time": "2019-09-02T20:51:57+02:00",
        "x-client-hash": "5bb0b1ec0b6e1a86d7dc18dbea2c80bf",
        "content-type": "application/x-www-form-urlencoded",
        "accept-encoding": "gzip"
    }
)

the x-client-time and x-client-hash header have to properly match, else you’ll get the 1508 error code

+12

DaRealFreak on Sep 2, 2019