Created
January 6, 2022 16:09
-
-
Save superdima05/04601c6b15d5eeb1c376535579d08a99 to your computer and use it in GitHub Desktop.
New Yandex authorization
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import requests, json | |
import urllib.parse | |
from bs4 import BeautifulSoup | |
login = "" | |
password = "" | |
secondAttempt = "" # Enter your trackID, if you were redirected to verification page. | |
# For Charles | |
verify = True | |
proxies = None | |
# For Charles | |
# Dev settings | |
domain = "https://passport.yandex.com/" | |
clientID = "c0ebe342af7d48fbbbfcf2d2eedb8f9e" | |
clientSecret = "ad0a908f0aa341a182a37ecd75bc319e" | |
clientID2 = "23cabbbdc6cd418abb4b39c32c41195d" | |
clientSecret2 = "53bc75238f0c4d08a118e51fe9203300" | |
# Dev settings | |
uids = {"yandexuid": None, "uniqueuid": None, "theme": "dark", "_ym_isad": "2", "_ym_visorc": "b"} | |
r = requests.get(domain+"am?app_platform=ios&app_id=ru.yandex.mobile.music", verify = verify, proxies = proxies) | |
for i in r.cookies: | |
uids[i.name] = i.value | |
soup = BeautifulSoup(r.text, 'html.parser') | |
c = soup.find_all("form", {"action": domain+"auth"})[0] | |
csrfToken = c.find_all("input", {"name": "csrf_token"})[0].get('value') | |
# Step1 Auth (Get track_id) | |
if secondAttempt == "": | |
trackID = None | |
r = requests.post(domain+"registration-validations/auth/multi_step/start", verify = verify, proxies = proxies, cookies = uids, data = {"csrf_token": csrfToken, "login": login, "app_id": "ru.yandex.mobile.music", "appId": "ru.yandex.mobile.music", "am_version_name": "6.6.1", "app_platform": "ios", "isAm": True}) | |
j = json.loads(r.text) | |
trackID = j['track_id'] | |
else: | |
trackID = secondAttempt | |
# Step2 Commit password and get Session_id, if password correct | |
sessionID = None | |
r = requests.post(domain+"registration-validations/auth/multi_step/commit_password", verify = verify, proxies = proxies, cookies = uids, data = {"csrf_token": csrfToken, "password": password, "track_id": trackID, "retpath": domain+"am/finish?status=ok&from=Login"}) | |
j = json.loads(r.text) | |
if 'state' in j and j['state'] == "auth_challenge": | |
exit("Open "+domain+j['redirect_url'][1:]+" and then try again with this trackID: "+trackID) # Very important note! Don't allow browser to redirect after phone confirmation, because trackID will become invalid. | |
if j['status'] != "ok": | |
exit(j) | |
for i in r.cookies: | |
if i.name == "Session_id": | |
sessionID = i.value | |
# Step3 get access_token by sessionID | |
headers = { | |
"Ya-Client-Host": "yandex.com", | |
"Accept-Language": "en-US;q=1", | |
"Ya-Client-Cookie": "Session_id="+sessionID+";" | |
} | |
data = { | |
"client_id": clientID, | |
"client_secret": clientSecret, | |
"grant_type": "sessionid", | |
"host": "yandex.com" | |
} | |
url = "https://mobileproxy.passport.yandex.net/1/bundle/oauth/token_by_sessionid?app_id=ru.yandex.mobile.music" | |
r = requests.post(url, data = data, headers = headers, verify = verify, proxies = proxies) | |
accessToken = json.loads(r.text)['access_token'] #This access token can't be used in Yandex.Music | |
# Step4 Exchange unknown accessToken to Yandex.Music access token | |
data = { | |
"access_token": accessToken, | |
"client_id": clientID2, | |
"client_secret": clientSecret2, | |
"grant_type": "x-token" | |
} | |
r = requests.post("https://mobileproxy.passport.yandex.net/1/token", data = data) | |
print(r.text) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment