-
-
Notifications
You must be signed in to change notification settings - Fork 1.2k
plugins.twitch: webbrowser-based client-integrity #5414
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
plugins.twitch: webbrowser-based client-integrity #5414
Conversation
7fe3c52
to
d8ac534
Compare
Auth data now gets passed to the web browser. I've also changed the logic so that it tries to get an access token without a client-integrity token first. The web player did the same when the CI token was required. In order for anyone to test the webbrowser stuff, I've temporarily added the Please test this and give feedback. Nobody has bothered so far, which is disapponting. The Twitch issue thread exploded after a couple of minutes when the plugin broke, and now with an implementation available which fixes the issue (unless Twitch makes further changes), nobody even cares. |
Tested on a headless Debian server, works well with chromium.
Somewhat obviously fails when you disable headless (no DE installed)
Wonder if it's worth adding some kind of extra error reporting if the browser acts up somehow? Chromium throws |
Works on a Raspberry Pi 4 running Ubuntu 22.04 LTS Server using snap chromium.
|
The header passthrough works for auth, but it seems a bit broken if you pass in your own Client-ID or Device-ID. When you pass in a Client-ID ( |
Is this due to something specific to Chromium or something else? I see this with Falkon and Qutebrowser (which are using qtwebengine (6) which uses chromium):
|
I decided against passing through
Chromium forks needs to have the CDP built in. NW.js for example has two different builds, one with devtools and one without. It's possible that the builds of these browsers you're using have the CDP disabled in their build flags. It's also possible that they deliberately don't support it. I've never used these browsers, so I don't know. As explained in the other threads, I don't care if this doesn't cover every existing browser. This is an impossible task and I want to get the base thing working. Thanks for checking these browsers though. |
Yeah, saw the comment on various browsers and definitely understand not wanting (or being able to) support everything there is. I compile the browsers (and qtwebengine) myself, and am in touch with their developers, so I can certainly look into it deeper on that side. That hint on CDP should definitely help! Thank you! |
d8ac534
to
1934225
Compare
Out of date. You'll have to upgrade to >=4.0.0. |
1934225
to
8300a79
Compare
Works on Windows as well. Default Edge
Caching
Chrome
|
Thank you for the hard work! log
Any idea if the caching will work fine when running multiple instances at the same time? |
Works on Debian 11 (headless)
|
Does not work here with vivaldi on EndeavourOS:
But maybe I did something wrong? Tried to follow the instructions. |
Looks like Vivaldi doesn't return a response when sending the No idea. It's a proprietary browser and it's possible that it's a bug on their end or they simply don't support it. It worked in my Windows VM though, just their headless implementation didn't work properly. Surprisingly, the
|
It works however with brave on EndeavourOS:
|
8300a79
to
c5fda93
Compare
Implement client-integrity-token acquirement using the webbrowser API: 1. Generate a new device ID 2. Open www.twitch.tv/CHANNEL and intercept its request with a dummy response that returns an empty HTML document 3. Execute JS code which acquires the client-integrity token, similar to the setup of Twitch's web player 4. Parse result and check the `is_bad_bot` value 5. Cache result and device-ID on success and set the GQL API endpoint headers for the access token Also: - Add `--twitch-purge-client-integrity` - Forward any `--twitch-api-header` values to the web browser when acquiring a new client-integrity token (e.g. auth data) - Rewrite access token schema result logic: - Don't rely on `TypeError`s for checking whether a channel is offline - Propagate any `PluginError`s when parsing the API response - Always attempt to get an access token without a client-integrity token first in order to avoid having to launch the web browser when Twitch doesn't require a client-integrity token - Update tests
c5fda93
to
6323d7e
Compare
|
Resolves #5370
Also see #5380
This PR implements the client-integrity token acquirement for the Twitch access token API endpoint, based on Streamlink's newly added webbrowser API (#5380).
Not fully ready yet, hence why I'm opening this as a draft. I am primarily looking for early feedback from users.
Before I'm going to properly open this, I'll have to update the commit message body and add some tests.
Overview
--twitch-purge-client-identity
plugin argumenthttps://www.twitch.tv/CHANNEL
with an empty HTML document, and then executes JS code that implements the CI token acquirementis_bad_bot
key.is_bad_bot
is"false"
, then it caches the newly generated device-id and acquired client-integrity tokenis_bad_bot
is not"false"
, then it returnsNone
and nothing will be cached. Errors get logged.None
, then the device-id and client-integrity HTTP headers get set, which should result in a valid access tokenCurrently not implemented
Initial attempt of getting the access token without a client-integrity token (so no web browser has to be launched while Twitch has disabled the restrictions, like right now)Authentication data and other API headers set by the user currently don't get passed to the webbrowser implementationI don't think it's worth testing the CI token acquirement and mocking all the API calls. I've updated the important tests though.
Notes
It doesn't check whether the chosen channel is currently live, so it'll always acquire a client-integrity token if it's not cached. The live check is done by getting an access token. We'd have to check the live status via the GQL API, but that is delayed and thus not ideal (see the empty stream metadata issues that have popped up over the past months)And as a reminder:
a Chromium-based web browser is required in order for the webbrowser API to work. See the available options:
https://streamlink.github.io/latest/cli.html#web-browser-options
How to test
Install Streamlink from the branch of this PR (and re-install once changes are pushed).
Be aware that there are breaking changes on this and Streamlink's master branch for the upcoming 6.0.0 release.
Guide:
https://github.com/streamlink/streamlink/blob/master/CONTRIBUTING.md#pull-request-feedback
Via pip:
Example
Note:
--twitch-force-client-integrity
is added temporarily and needs to be added to get the CI token. See my comment below why.edit:
--twitch-force-client-integrity
removed again