Comments (39)
andshrew/PlayStation-Trophies@64ae205
from psn-php.
Experiencing the same issue. I'll try to dig a bit further, must be a recent change since everything was working fine until this morning.
from psn-php.
Thanks @Ragowit and @andshrew for the solution! Seems to be fine now -- I've pushed it to master and will draft a release for PHP <8.1 version, along with a new version that works for PHP 8.1 🥳
from psn-php.
@wescopeland I see similar behaviour. I can spot the following as a response:
body: "{\"error\":\"invalid_scope\",\"error_code\":4153,\"error_description\":\"Invalid scope\"}",
Looking into it further.
from psn-php.
@wescopeland Link is working now. I just was logged in and didn't understand
from psn-php.
Hi, I'm working on a Laravel and after setting the Npsso it returns an exception error, I think a bad request 400. Is it possible that it is the same thing and they changed something on the API?
Thanks.
from psn-php.
@Tustin Awesome, thank you! Can you also release a 3.0.4 when you get the chance please? :)
Should be good to go now :) Let me know if there's any other issues!
from psn-php.
Perfect.
Many thanks once again !
from psn-php.
They changed the client_id
This one doesn't work anymore:
ac8d161a-d966-4728-b0ea-ffec22f69edc
from psn-php.
@recordsome that seems correct, but which ID should work? I'll try to reverse engineer the apk if I can. I tried another ID I found at https://andshrew.github.io/PlayStation-Trophies/#/APIv2?id=powershell-7. The original ID has no Location header whatsoever, the latter does but then I get the authorization_code error.
So it must be another ID still...
So these don't work anymore:
ac8d161a-d966-4728-b0ea-ffec22f69edc
09515159-7237-4370-9b40-3806e67c0891
from psn-php.
Best solution is probably to pull it straight from the mobile app
from psn-php.
@wescopeland I'll try but I have never done that ^^ do you have any experience?
from psn-php.
I do but unfortunately I won't be able to attack it for another 10 hours or so :-(
What I've done previously is set up a man-in-the-middle VPN between my phone and computer using Charles and then sniff all the incoming+outgoing traffic.
from psn-php.
If you do a search by uuid in the android application code, it will not find it in plain text. So it's obfuscated
They also added protection against traffic sniffing some time ago. So now it's not possible on ios to see what's going on in the webview during authorization
from psn-php.
On the mobile app I am seeing the following URL being called:
https://ca.account.sony.com/api/authz/v3/oauth/authorize
with the following query params:
response_type: "code"
service_logo: "ps"
access_type: "offline"
scope: "psn:mobile.v2.core"
client_id: "70156ca4-e84e-4836-ade8-b254b76a9d9f"
token_format: "jwt"
There are a few more query params but they are probably specific to my account. I pulled this using Charles for iOS and sniffing the traffic.
Note that when I feed these query params into psn-api's function for exchanging an NPSSO for an access code, I get a new error saying "Invalid token".
from psn-php.
@wescopeland Parameter 'client_id' is malformed. It's missing 2 characters yet. Maybe you copied it wrong?
from psn-php.
@wescopeland Parameter 'client_id' is malformed. It's missing 2 characters yet. Maybe you copied it wrong?
Yes, updated. It appears I am able to get a code but I am not able to exchange the code for access and refresh tokens.
from psn-php.
@wescopeland Is there a redirect_uri there in the link?
from psn-php.
It's the same as before, "com.playstation.PlayStationApp://redirect"
from psn-php.
@wescopeland https://ca.account.sony.com/api/authz/v3/oauth/authorize?response_type=code&service_logo=ps&access_type=offline&token_format=jwt&scope=psn%3Amobile.v2.core&client_id=70156ca4-e84e-4836-ade8-b254b76a9d9f&redirect_uri=com.playstation.PlayStationApp%3A%2F%2Fredirect
The link doesn't work
from psn-php.
@wescopeland ca.account.sony.com/api/authz/v3/oauth/authorize?response_type=code&service_logo=ps&access_type=offline&token_format=jwt&scope=psn%3Amobile.v2.core&client_id=70156ca4-e84e-4836-ade8-b254b76a9d9f&redirect_uri=com.playstation.PlayStationApp%3A%2F%2Fredirect
The link doesn't work
    // npssoToken is the caller's own NPSSO cookie value; this snippet runs
    // inside an async function.
    const AUTH_BASE_URL = "https://ca.account.sony.com/api/authz/v3/oauth";
    const queryString = new URLSearchParams({
      access_type: "offline",
      client_id: "70156ca4-e84e-4836-ade8-b254b76a9d9f",
      redirect_uri: "com.playstation.PlayStationApp://redirect",
      response_type: "code",
      scope: "psn:mobile.v2.core"
    }).toString();
    const requestUrl = `${AUTH_BASE_URL}/authorize?${queryString}`;
    // redirect: "manual" keeps the 302 so the code can be read from its Location header
    const response = await fetch(requestUrl, {
      headers: {
        Cookie: `npsso=${npssoToken}`
      },
      redirect: "manual"
    });
This is the code I am executing to get a successful 302 response with an access code.
from psn-php.
@wescopeland Also need to change the parameters in the request to receive tokens by code
POST https://ca.account.sony.com/api/authz/v3/oauth/token
There is a Header Basic YWM4ZDE2MWEtZDk2Ni00NzI4LWIwZWEtZmZlYzIyZjY5ZWRjOkRFaXhFcVhYQ2RYZHdqMHY=
Need to update also. Can you check what's going on, what happens next in the webview? We need to check the token receipt request
from psn-php.
The /token call unfortunately is completely failing for me. In the mobile app I am seeing them hit a different /token endpoint. I don't know if it has always been this way or if this is a recent change.
In the iOS mobile app, after /authorize, I see:
POST https://ca.account.sony.com/api/v1/oauth/token
from psn-php.
Yes, you are likely facing the same issue we are trying to hunt down.
from psn-php.
Yes, you are likely facing the same issue we are trying to hunt down.
Ok, thank you.
from psn-php.
After using the token url you posted above, I for now get the following response:
    # Note: the 'JSON: %{' is just Elixir, I decoded the return body from the POST
    JSON: %{
      "docs" => "https://auth.api.sonyentertainmentnetwork.com/docs/",
      "error" => "invalid_grant",
      "error_code" => 1,
      "error_description" => "Bad request"
    }
I'm guessing it is not the correct token url after all... If only we could read the docs they supply 😆
from psn-php.
Yeah I am feeling a bit stuck here, as it seems "psn:mobile.v1" and "psn:clientapp" are no longer valid scopes for the auth code endpoint.
from psn-php.
@wescopeland I agree. I tried a couple of combinations of those two and the new one you found, but the only one even passing the initial auth call is psn:mobile.v2.core.
from psn-php.
@jeroenbourgois What request are you making to get invalid_grant?
from psn-php.
On the mobile app I am seeing the following URL being called:
https://ca.account.sony.com/api/authz/v3/oauth/authorize
with the following query params:
response_type: "code" service_logo: "ps" access_type: "offline" scope: "psn:mobile.v2.core" client_id: "70156ca4-e84e-4836-ade8-b254b76a9d9f" token_format: "jwt"
There are a few more query params but they are probably specific to my account. I pulled this using Charles for iOS and sniffing the traffic.
Note that when I feed these query params into psn-api's function for exchanging an NPSSO for an access code, I get a new error saying "Invalid token".
Is it possible for you to find the client_secret in the request? Or if not, possibly the Authorization header that should be getting sent to authz/v3/oauth/token? I'm assuming since Sony changed the entire scope that they probably just deleted the old OAuth client. I don't have my environment set up atm to sniff the new requests unfortunately.
from psn-php.
I hope this is not too convoluted:
    %HTTPoison.Response{
      status_code: 400,
      body: "{\"error\":\"invalid_grant\",\"error_description\":\"Bad request\",\"docs\":\"https://auth.api.sonyentertainmentnetwork.com/docs/\",\"error_code\":1}",
      headers: [
        {"Server", "nginx"},
        {"Content-Type", "application/json;charset=UTF-8"},
        {"X-Psn-Request-Id", "9ab2aee91f117d5c0dd2092a4dfd25b3"},
        {"X-Psn-Correlation-Id", "eb617da6-63f0-4ed6-9636-cabb62f6eb78"},
        {"X-RequestId", "9ab2aee91f117d5c0dd2092a4dfd25b3"},
        {"X-CorrelationId", "eb617da6-63f0-4ed6-9636-cabb62f6eb78"},
        {"X-Content-Type-Options", "nosniff"},
        {"Cache-Control", "no-store"},
        {"Content-Length", "135"},
        {"Date", "Tue, 13 Dec 2022 17:42:02 GMT"},
        {"Connection", "close"},
        {"Set-Cookie",
         "SOME_COOKIE; Domain=.sony.com; Path=/; Expires=Tue, 20 Dec 2022 17:42:02 GMT; Max-Age=604800; Secure"},
        {"Set-Cookie",
         "SOME_COOKIE; Domain=.sony.com; Path=/; Expires=Tue, 13 Dec 2022 21:42:02 GMT; Max-Age=14400"}
      ],
      request_url: "https://ca.account.sony.com/api/v1/oauth/token",
      request: %HTTPoison.Request{
        method: :post,
        url: "https://ca.account.sony.com/api/v1/oauth/token",
        headers: [
          {"Authorization",
           "Basic MDk1MTUxNTktNzIzNy00MzcwLTliNDAtMzgwNmU2N2MwODkxOnVjUGprYTV0bnRCMktxc1A="},
          {"Content-Type", "application/x-www-form-urlencoded"}
        ],
        body: "code=v3.dmdr&grant_type=authorization_code&redirect_uri=com.playstation.PlayStationApp%3A%2F%2Fredirect&scope=psn%3Amobile.v2.core&token_format=jwt",
        params: %{},
        options: []
      }
    }
Note I also updated the Basic AUTH hash I found somewhere else. So as @Tustin was hinting at, it could be part of the solution to have the correct Basic auth hash.
from psn-php.
I've upgraded from the master... I still have the issue :/
Am I the only one ? @Ragowit @Tustin ?
from psn-php.
I've upgraded from the master... I still have the issue :/ Am I the only one ? @Ragowit @Tustin ?
Are you getting the same error as before? If so, please double check the Client.php file that you have in your vendor/psn-php folder and ensure the new client_id is set.
from psn-php.
Are you getting the same error as before? If so, please double check the Client.php file that you have in your vendor/psn-php folder and ensure the new client_id is set.
I've checked it twice.
And this is the error
Fatal error: Uncaught Tustin\Haste\Exception\ApiException in /core/vendor/tustin/haste/src/Http/Middleware/ResponseHandlerMiddleware.php:58
Stack trace:
/core/vendor/tustin/haste/src/Http/Middleware/ResponseHandlerMiddleware.php(32): Tustin\Haste\Http\Middleware\ResponseHandlerMiddleware->handleErrorResponse()
/core/vendor/guzzlehttp/promises/src/FulfilledPromise.php(41): Tustin\Haste\Http\Middleware\ResponseHandlerMiddleware->__invoke()
/core/vendor/guzzlehttp/promises/src/TaskQueue.php(48): GuzzleHttp\Promise\FulfilledPromise::GuzzleHttp\Promise{closure}()
/core/vendor/guzzlehttp/promises/src/Promise.php(248): GuzzleHttp\Promise\TaskQueue->run()
/core/vendor/guzzlehttp/promises/src/Promise.php(224): GuzzleHttp\Promise\Promise->invokeWaitFn()
/core/vendor/guzzlehttp/promises/src/Promise.php(269): GuzzleHttp\Promise\Promise->waitIfPending()
/core/vendor/guzzlehttp/promises/src/Promise.php(226): GuzzleHttp\Promise\Promise->invokeWaitList()
/core/vendor/guzzlehttp/promises/src/Promise.php(62): GuzzleHttp\Promise\Promise->waitIfPending()
/core/vendor/guzzlehttp/guzzle/src/Client.php(187): GuzzleHttp\Promise\Promise->wait()
/core/vendor/guzzlehttp/guzzle/src/ClientTrait.php(95): GuzzleHttp\Client->request()
/core/vendor/tustin/haste/src/Http/HttpClient.php(52): GuzzleHttp\Client->post()
/core/vendor/tustin/psn-php/src/Client.php(139): Tustin\Haste\Http\HttpClient->post()
/core/psnApi/psnapi.class.php(46): Tustin\PlayStation\Client->loginWithRefreshToken()
{main}
thrown in /core/vendor/tustin/haste/src/Http/Middleware/ResponseHandlerMiddleware.php on line 58
from psn-php.
I also still have issues with the update:
{"error":"invalid_scope","error_description":"Invalid scope","error_code":4153,"error_uri":"https://auth.api.sonyentertainmentnetwork.com/openapi/docs","error_details":{"parameter":"[psn:clientapp, psn:mobile.v1]"}}
{"error":{"referenceId":"51ee451e-5f5c-474e-ae19-96cef245473e","code":3415813,"message":"Friend finder requires a valid account","reason":"invalid_parameter","source":"api"}}
from psn-php.
@vicegold You haven't updated. The error code states "{"parameter":"[psn:clientapp, psn:mobile.v1]"}}", the new version has clientapp updated to "psn:mobile.v2.core" (among other things)
from psn-php.
@vicegold You haven't updated. The error code states "{"parameter":"[psn:clientapp, psn:mobile.v1]"}}", the new version has clientapp updated to "psn:mobile.v2.core" (among other things)
I did, the issue is, that only loginWithNpsso was updated. loginWithRefreshToken still uses the old parameters.
from psn-php.
@vicegold You haven't updated. The error code states "{"parameter":"[psn:clientapp, psn:mobile.v1]"}}", the new version has clientapp updated to "psn:mobile.v2.core" (among other things)
I did, the issue is, that only loginWithNpsso was updated. loginWithRefreshToken still uses the old parameters.
You're right, my mistake. Will push a fix right now!
from psn-php.
@Tustin Awesome, thank you! Can you also release a 3.0.4 when you get the chance please? :)
from psn-php.
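Added example, not part of the thread and not psn-php or psn-api code: a JavaScript helper that classifies the error bodies quoted in the comments above and, for invalid_scope, pulls the rejected scopes out of error_details.parameter, the field that showed loginWithRefreshToken was still sending the old scopes. Function names and the expectedScopes default are assumptions; the sample bodies are abridged from the posts above, plus one constructed non-JSON body.

```javascript
// Added example; function names are hypothetical.
// Sample bodies are abridged from the error responses quoted in the thread.
const SAMPLE_BODIES = [
  '{"error":"invalid_scope","error_code":4153,"error_description":"Invalid scope"}',
  '{"error":"invalid_scope","error_description":"Invalid scope","error_code":4153,' +
    '"error_details":{"parameter":"[psn:clientapp, psn:mobile.v1]"}}',
  '{"error":"invalid_grant","error_description":"Bad request","error_code":1}',
  '{"error":{"code":3415813,"reason":"invalid_parameter","source":"api"}}',
  "<html>Bad Gateway</html>", // constructed, not from the thread
];

// error_details.parameter is the string "[a, b]", not a JSON array.
function parseRejectedScopes(details) {
  const raw = details && typeof details.parameter === "string" ? details.parameter : "";
  const m = raw.match(/^\[(.*)\]$/);
  return m ? m[1].split(",").map((s) => s.trim()).filter(Boolean) : [];
}

function classifyOAuthError(body, expectedScopes = ["psn:mobile.v2.core"]) {
  let parsed;
  try {
    parsed = JSON.parse(body);
  } catch {
    return { kind: "not_json", rejected: [], stale: [] };
  }
  // A nested "error" object is an API-level error, not an OAuth error body.
  if (!parsed || typeof parsed.error !== "string") {
    return { kind: "non_oauth", rejected: [], stale: [] };
  }
  if (parsed.error === "invalid_scope") {
    const rejected = parseRejectedScopes(parsed.error_details);
    // Rejected scopes the current client should not be sending at all:
    // a sign that some code path still uses the old parameters.
    const stale = rejected.filter((s) => !expectedScopes.includes(s));
    return { kind: "invalid_scope", rejected, stale };
  }
  // invalid_grant (RFC 6749 section 5.2): the code or refresh token was not
  // accepted for this client and redirect_uri; scope is not the problem.
  return { kind: parsed.error, rejected: [], stale: [] };
}

function summarize(bodies) {
  return bodies.map((b) => {
    const r = classifyOAuthError(b);
    return r.stale.length ? `${r.kind}: stale ${r.stale.join(", ")}` : r.kind;
  });
}

console.log(summarize(SAMPLE_BODIES));
```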