HTTP 403 on Auth

[Sn0wCrack]

• version: 1.21
• node version: v14.14.0
• npm (or yarn) version: 6.14.8

Do you want to request a feature or report a bug?: Bug

What is the current behavior?: Currently authenticating to Pixiv's API is throwing a 403 due to a Cloudflare ratelimit page requesting me to complete a captcha to continue

What is the expected behavior?: Authentication should succeed.

Suggested solution: It appears the Pixiv.py team are working through the same issue here: upbit/pixivpy#140

I personally edited my local dependency for testing and simply adding a 'User-Agent' header with the following value seems to have fixed the issue: PixivAndroidApp/5.0.115 (Android 6.0; PixivBot)

Perhaps adding an option to specify a User-Agent header would allow us to easily bypass this issue for the time being.

[cyperdark]

can i ask you to try something?
replace code in your index.js (un module/dist) to this https://github.com/akameco/pixiv-app-api/blob/e84bb2513c3c0fffc4875ac17a0b15c22f90133c/src/index.ts and try again
it's helped me

[Sn0wCrack]

@cyperdark
I can confirm those changes seem to have fixed the issue.

I had actually tried that out myself on just the login request and not the instance, but adding it to the instance as well doesn't appear to break anything from what I can tell.

[klerikdust]

can i ask you to try something?
replace code in your index.js (un module/dist) to this https://github.com/akameco/pixiv-app-api/blob/e84bb2513c3c0fffc4875ac17a0b15c22f90133c/src/index.ts and try again
it's helped me

This seems to fix the issue on my side! I hope the PR will get merged soon. :)

[Sn0wCrack]

I'm curious if @akameco is currently active, as it appears the last time he actively contributed to a repo was mid-may, and he appears to be marked as busy on GitHub, so I'm assuming the PR might be falling on deaf ears at the minute.

[Sn0wCrack]

Just as a comment to this, I've set up my own temporary fork that I'm publishing the dist files in and using that for the time being.

If anyone is planning on their own fork to ensure existing compatibility you should be keeping the headers relating to iOS so WEBP encoded images don't get returned (as iOS has no WEBP decoder).

Here's a link to my changes: https://github.com/Sn0wCrack/pixiv-app-api/blob/bugfix/cloudflare-captcha/src/index.ts#L41

[Sn0wCrack]

As an update I've had to change the user agent again, I believe some level of randomization might need to happen to ensure the user agent isn't banned.

[WellingtonBeef2]

The user header changes were working for a while, though the API seems to throw a 400 error once again (invalid grant). Not sure if this is an extension of this issue or if a new issue needs to be opened up.

Edit: Looks like Pixiv added some new password requirements a week ago that cause API logins of accounts with weak passwords to fail. Once I updated my password to their new standards (letters, numbers, symbols), the login worked fine.

[roytam1]

they took away username+password login from oauth server today. see upbit/pixivpy#158

[Sn0wCrack]

@roytam1
Interestingly my app still seems to work using the user-agent changes from my fork of this library.

[roytam1]

Interestingly my app still seems to work using the user-agent changes from my fork of this library.

if you're using refresh_token to get new access_token then you're unaffected.
but once you logged out or new-install, you're unable to login.

[Sn0wCrack]

Yup that looks to be what's happening here. Very annoying

[UiharuKazari2008]

@Sn0wCrack how would i implement your update, i have tried changing my package.json to your repo and now im getting a error that it has no main section. Do i just put the refreshToken in the options object when creation the new pixiv client?

[UiharuKazari2008]

Nevermind i migrated to pixiv-api-client and just implemented a token refresh and notification system