pianobar icon indicating copy to clipboard operation
pianobar copied to clipboard

Published 20 hours ago verified publisher icon PromyLOPh

Logout?

Open midicase opened this issue 5 years ago • 5 comments

Love the app. Been coding a mod to it, but run into a problem when exiting/restarting and Pandora flagging my account with "Multiple Streams". Pandora is counting the successive calls to login when restarting PB and flags the account thinking it's multiple users. I have to wait a bit for them to age out the error before working again.

Is there a logout routine with Pandora to avoid this?

midicase avatar Sep 15 '18 16:09 midicase

I’m not aware of a method to terminate the current session. However the real mobile app (whose API we’re using) probably generates a token with auth.generateAccessToken, saves that and used it instead of the user’s credentials to log in, thus allowing Pandora to (properly) track the number of devices in use. We should probably do the same to avoid this issue. That doesn’t look too compilcated, so do you want to submit a pull request?

PromyLOPh avatar Sep 15 '18 16:09 PromyLOPh

I'd be glad to try, but I'm not familiar with snooping on android client. Is really any different than using tcpdump/wireshark? Though I guess the emulator would be easiest?

midicase avatar Sep 15 '18 16:09 midicase

You won’t get far with tcpdump. The protocol is encrypted on the application layer.

So your best bet would be my protocol documentation here: https://6xq.net/pandora-apidoc/json/methods/ Unfortunately the required methods (auth.generateAccessToken I believe and auth.userLogin with accessToken) are not documented yet.

The next option is looking at decompiled Java code (here: https://6xq.net/paste/olnapmut.html). Essentially you’re searching for the strings mentioned above and then something like hashtable.put("parameter", "value"). These are the queries you need to build in src/libpiano/request.c. Ping me if you need help with that.

PromyLOPh avatar Sep 15 '18 17:09 PromyLOPh

Per Pandora API docs (I do not have a developer account).

curl 'https://www.pandora.com/oauth/v1/token' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'Authorization: Basic ' \
  -d grant_type=authorization_code \
  -d redirect_uri="" \
  -d code=

Example response:

{
   "access_token":"eyJ6aXAiOiJERUYiLCJraWQiOi_bs8i2XKP7PM9uwHUKWgEj._TFVXhdZYGW0eY89TtBZGw",
   "token_type":"Bearer",
   "refresh_token":"eyJ6aXAiOiJERUYiL`rizKC5Yew38_u7y_mGiNspC8VsMn6x0xs.FeD5jJc9VHhX_FhVKlk9zw",
   "expires_in":14400
}

CrustyBarnacle avatar Jan 06 '21 03:01 CrustyBarnacle

pianobar is using a different API though, not sure if the token generated by oauth are valid for that API.

PromyLOPh avatar Jan 06 '21 07:01 PromyLOPh