dzr icon indicating copy to clipboard operation
dzr copied to clipboard
verified publisher icon yne

get_url return "no sufficient rights"

Open yne opened this issue 1 year ago • 12 comments

Since 2025-03-07 (so 4 years after the latest deezer API), https://media.deezer.com/v1/get_url stopped returning tracks URL for the USER_ID:0 that dzr exploited to get it's tracks urls.

[
  {
    "code": 1002,
    "message": "License token has no sufficient rights on requested media."
  }
]

I'm open to alternative API suggestions.

yne avatar Mar 08 '25 09:03 yne

comparing user0 profile and my own, using deezer.getUserData:

j=await fetch('https://www.deezer.com/ajax/gw-light.php?input=3&api_version=1.0&method=deezer.getUserData&api_token=').then(e=>e.json())

We see that results.USER.OPTIONS.web_streaming differ (true for me false for user0) on top of usual diff:

  • .results.USER.OPTIONS.license_token << seems to be the value porting the right to stream
  • .results.SESSION_ID
  • .results.USER_TOKEN
  • .results.PLAYER_TOKEN
  • .results.checkForm
  • .results.checkFormLogin (only for user0)

Also, giving consent to have my data used for ads don't change this endpoint result

yne avatar Mar 08 '25 13:03 yne

I gues, this is the reason, why dzr is not working anymore?

Any chance for an option to add own (free) deezer-account/-profile to get dzr working again?

demlak avatar Mar 14 '25 21:03 demlak

sure it's going to be the chosen solution. but I also wonder if a single hardcoded token would also work (they don't seems to expire)

yne avatar Mar 22 '25 06:03 yne

from my testing, the token have a validity of 14days. So hardcoding one won't do.

I'll add a way to give this token from a value given by a JS snippet that can be run in browser debugger.

yne avatar Apr 07 '25 06:04 yne

Well I really wanted to get this deezer cli app to work again since its nice to be able to use it on just about everything

All you need to do is login to deezer in a desktop web browser and hit f12

In chrome or edge, goto the application section and navigate to cookies

You want to copy the sid and arl cookies

The api_token value should be visible in many of the network requests

Copy that down

Then change the dzr-url file to put these values into it like so:

on line 8:

  method="$1"; session="$2" ;apiToken="8%DEcuxNc9/u!KUK]fi}6_ZaHhFutZ7g" ; shift 3 # curl args

on line 9:

$FETCH "https://www.deezer.com/ajax/gw-light.php?method=$method&input=3&api_version=1.0&api_token=$apiToken" --header "Cookie: sid=fr798cae9934cc33808eeff190783eeaa32345c" --header "Cookie: arl=42c5c6db4291873a4b4fa001b8aa5a42eb242ee99171638b9567315d8b8331e9e2a935f5cd422360d68aa3e0836e2c9c5d4b95553c5e1207438238e668e032ec2d728e86166850651698417e962694125c7350022f2103c96925f2d50b470587" "$@"

Note: For some reason some of the values can be encoded.

On my api token, the last character was %7E, it wouldn't work when I just tried to add that in, I had to decode it to ~

tech128 avatar Jun 01 '25 10:06 tech128

@tech128 : Is there a way to get the sid from a given arl ?

The goal would be to let the user define it DZR_ARL env variable, then derive all the rest from it.

yne avatar Jun 01 '25 12:06 yne

Well.. if logging in and using a login-arl, there are several solutions out there.. maybe it is an idea to take a look how it is done in their code?

For Example: https://github.com/DJDoubleD/refreezer or https://github.com/duzda/deezer-enhanced

demlak avatar Jun 01 '25 12:06 demlak

Based on @tech128 fix, I succeed to make dzr work using only the ARL variable. See https://github.com/yne/dzr/commit/b149adc79becd5109d42800ac68a64ba32292486#diff-6da4f5adf751a06573e66bf0aca52ca46c0c473bf336348470be0bcd316374e0R9 I'll publish a version that use env DZR_ARL. I'll publish later the vscode version

yne avatar Jun 01 '25 17:06 yne

How to find my ARL

  1. log to deezer.com
  2. While on deezer player page, press Ctrl+Shift+i to open the Developer Panel
  3. Click on the Application tab > Storage side menu > Cookies > deezer.com > search for the arl line
  4. You shall see something like this:
    Image
  5. double-click on the value, then copy
  6. Add a line export DZR_ARL=xxxxxxx in your .bashrc or .kshrc or whatever and reload your terminal before running dzr

yne avatar Jun 01 '25 17:06 yne

You can also visit https://www.deezer.com/desktop/login/electron/callback and extract the ARL from the link in the "Open Deezer Music" button.

freijon avatar Jun 01 '25 19:06 freijon

Thanks for the headsup @freijon here is the updated warning with your callback URL https://github.com/yne/dzr/commit/81ae7d8e9dcd0f73e14ceac14307eab3dc08b6c9

yne avatar Jun 01 '25 21:06 yne

Hey @yne I was experiencing this error when writing my code in Kotlin and it was because I didn't validate this in the ARL response.

https://gitlab.com/RemixDev/deezer-js/-/blob/main/deezer/index.js?ref_type=heads#L85

gw api responds well to everything even if userId is 0, but when using media api it returns license token error. I hope it helps.

My code (check is a function raise exception if the param is false) Image

kingg22 avatar Jun 07 '25 20:06 kingg22

Thabks for the VSCode update!

xabolcs avatar Jun 13 '25 12:06 xabolcs

I think this issue can now be closed. Until we found another hole in the API to avoid using ARL

yne avatar Jun 13 '25 19:06 yne