HTTP 403

[AIurSentoriaKD]

Recently started to occur with the .login() function

pixivpy3.utils.PixivError: [ERROR] auth() failed! check username and password.
HTTP 403. . .

After that, All this
html thing

The account credentials are correct.
The account has not been banned, i tried with a new one, it doesn't work either

I hope this is not a silly mistake on my part

[Mikubill]

Demo still works normally. Can you provide more information? Such as network environment etc.

Reference:

Python 3.9.0 (default, Oct  6 2020, 21:52:53) 
[GCC 8.3.0] on linux
>>> from pixivpy3 import *
>>> api = AppPixivAPI()
>>> api.login('...','...')
{'access_token': '...

[Xdynix]

I have the same 403 problem, no proxy or bypass used. The HTML response looks like CloudFare's captcha challenge page. Maybe we need to bypass the challenge of CF by setting User-Agent and other methods.

[Mikubill]

There is no problem using pixivpy in Japan. It may be that pixiv has applied a new region restriction to the API. Needs further testing

@upbit 日本IP登录正常，但是其他国家IP貌似会弹验证

[Xdynix]

On my side, both US (directly) and JP (proxied) IP failed.

[upbit]

I have the same 403 problem, no proxy or bypass used. The HTML response looks like CloudFare's captcha challenge page. Maybe we need to bypass the challenge of CF by setting User-Agent and other methods.

从现象看这个猜测最有可能，login接口可能被强制走CF验证了... 这招好狠

[emesh0620]

There is no problem using pixivpy in Japan.

I access from Japan, but I get 403 error.
Does it depend on the Internet environment that there are people who can access from Japan?

[Mikubill]

无法在本地复现403问题，功能完全正常，返回值就是正常的json；登陆后其他操作也没有问题

另外说到客户端，重新测试了一下
iOS客户端使用accounts.pixiv.net进行登陆，带recaptcha，登陆和回调链接为下面的两个：

https://accounts.pixiv.net/login...
https://app-api.pixiv.net/web/v1/users/auth/pixiv/start?code_challenge=....&code_challenge_method=S256&client=pixiv-ios

Android客户端解包v5.0.219以后也有了类似的验证方式，另外貌似删除了oauth.secure.pixiv.net接口（没有找到相关内容）

/* compiled from: PixivOAuthLoginService.kt */
public static final class C6770c<T, R> implements C5711g<T, R> {
...
    public final /* synthetic */ Object apply(Object obj) {
        C6787a aVar = (C6787a) obj;
        C9228j.m23839b(aVar, "it");
        return this.f22320a.f22316b.f23930b + "/web/v1/login?code_challenge=" + aVar.f22357a + "&code_challenge_method=S256&client=pixiv-android";
    }
}

作为参考，原本的请求参数部分和PixivOAuthResponse好像都做了修改

/* new v5.0.219 */
C6042s<R> c = a.f22285a.mo25627a(bVar.f26842a, bVar2.f22358a, authorizationCode.f22354a, "authorization_code", bVar.f26843b, "MOBrBDS8blbauoSck0ZfDbtuzpyT", "lsACyCD94FhDUtGTXi3QzcFE2uU1hqtDaKeqrdwj", true).mo24530c(new C6746a.C6749c(a));
C6042s<C7130e> mo25627a(@C9694y String str, @C9672c(mo29288a = "code_verifier") String str2, @C9672c(mo29288a = "code") String str3, @C9672c(mo29288a = "grant_type") String str4, @C9672c(mo29288a = "redirect_uri") String str5, @C9672c(mo29288a = "client_id") String str6, @C9672c(mo29288a = "client_secret") String str7, @C9672c(mo29288a = "include_policy") boolean z);

/* old v5.0.156 */
PixivOAuthResponse b = C4402h.m13992a().mo21264b("MOBrBDS8blbauoSck0ZfDbtuzpyT", "lsACyCD94FhDUtGTXi3QzcFE2uU1hqtDaKeqrdwj", "password", str2, password, C3841g.m12695a(), true, true);
PixivOAuthResponse mo21264b(@C6444c(mo24824a = "client_id") String str, @C6444c(mo24824a = "client_secret") String str2, @C6444c(mo24824a = "grant_type") String str3, @C6444c(mo24824a = "username") String str4, @C6444c(mo24824a = "password") String str5, @C6444c(mo24824a = "device_token") String str6, @C6444c(mo24824a = "get_secure_url") boolean z, @C6444c(mo24824a = "include_policy") boolean z2);

有可能更换了登陆API或者修改了实现方式？（才疏学浅，看得比较粗略

[upbit]

oauth.secure.pixiv.net是很久以前的版本，估计是对老版本直接禁止登陆了，这样才能把能展示recaptcha的客户端版本重定向到页面上。

不过如果加了这个，API去绕过recaptcha就比较困难了。可能得想其他验证的方案，或者搞个换access_token的方法（这样API用起来会很别扭）

[lllusion3469]

Changing this line:

pixivpy/pixivpy3/api.py

Line 29 in bcceffc

self.requests = requests.Session()

to

self.requests = cloudscraper.create_scraper()

from the cloudscraper module seems to "fix" it for me fwiw

[remiliacn]

Changing this line:

pixivpy/pixivpy3/api.py

Line 29 in bcceffc

self.requests = requests.Session()

to

self.requests = cloudscraper.create_scraper()

from the cloudscraper module seems to "fix" it for me fwiw

It fixed for me for a second, and it is not working for me now.

[lllusion3469]

The cloudscraper thing still works for me 🤷, but the underlying issue seems to be the user-agent string because changing this line

pixivpy/pixivpy3/api.py

Line 83 in bcceffc

'User-Agent': 'PixivAndroidApp/5.0.64 (Android 6.0)',

to

            'User-Agent': 'foo',

(i.e. just any random string) consistently fixes it as well for me.

[upbit]

The cloudscraper thing still works for me 🤷, but the underlying issue seems to be the user-agent string because changing this line

pixivpy/pixivpy3/api.py

Line 83 in bcceffc

'User-Agent': 'PixivAndroidApp/5.0.64 (Android 6.0)',

to

            'User-Agent': 'foo',

(i.e. just any random string) consistently fixes it as well for me.

Good job! I will test whether this method is stable as soon as possible.

[upbit]

I tried the original code, and I did not trigger 403 (in Guangdong Telecom environment and Hong Kong proxy server).
I can only guess that CloudFare may not restrict low-frequency access.

I just pushed a test version, can anyone who met 403 help verify whether it works?

Upgrade to 3.5.10(test env)
pip install -i https://test.pypi.org/simple/ PixivPy

OR pull master changes 9798741 to local

---

因为无法触发限制，有同学可以帮忙验证下这个改动是否稳定吗？可以用pip install -i https://test.pypi.org/simple/ PixivPy升级到3.5.10再试下

[Xdynix]

I tried the original code, and I did not trigger 403 (in Guangdong Telecom environment and Hong Kong proxy server).
I can only guess that CloudFare may not restrict low-frequency access.

I just pushed a test version, can anyone who met 403 help verify whether it works?

Upgrade to 3.5.10(test env)
pip install -i https://test.pypi.org/simple/ PixivPy
OR pull master changes 9798741 to local

因为无法触发限制，有同学可以帮忙验证下这个改动是否稳定吗？可以用pip install -i https://test.pypi.org/simple/ PixivPy升级到3.5.10再试下

The test version has resolved the 403 problem on my side.

[AIurSentoriaKD]

I Pulled Master changes to local, it fixes the error 403.

[upbit]

@remiliacn Can this version fix your problem?
I did not use a random User-Agent, just changed the version number.

[remiliacn]

I fixed it by using aapi = ByPassSniApi() instead of aapi = AppPixivAPI(**_REQUESTS_KWARGS)

[upbit]

I fixed it by using aapi = ByPassSniApi() instead of aapi = AppPixivAPI(**_REQUESTS_KWARGS)

This method may not be a real fix, just bypass CloudFare and connect to Pixiv directly.

[upbit]

Release 3.5.10, please upgrade: pip install PixivPy==3.5.10

[jasonkao402]

Thank you, it works!
I tried the upgraded release, this patch also fixed the 403 error in my code!

[friendlyOverlordDev]

isn't the question how and why pixiv or cf displays the message?
if you connect without an account it works, but once the PHPSESSID-cookie is set, the requests are blocked. Furthermore, even in cases where the whole request from a browser is copied, the same result is returned from pixiv, yet when trying to connect through a browser it works without issues.
In conclusion pixiv/cf can somehow figure out that they aren't getting the request from a browser but from another program...