spotify-monitor 2.0rc2__tar.gz → 2.1.1__tar.gz

{spotify_monitor-2.0rc2 → spotify_monitor-2.1.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: spotify_monitor
-Version: 2.0rc2
+Version: 2.1.1
 Summary: Tool implementing real-time tracking of Spotify friends music activity
 Author-email: Michal Szymanski <misiektoja-pypi@rm-rf.ninja>
 License-Expression: GPL-3.0-or-later
@@ -29,6 +29,10 @@ spotify_monitor is a tool for real-time monitoring of Spotify friends' music act
 
 NOTE: If you're interested in tracking changes to Spotify users' profiles including their playlists, take a look at another tool I've developed: [spotify_profile_monitor](https://github.com/misiektoja/spotify_profile_monitor).
 
+> Spotify made multiple changes to the web endpoint on June 10th 2025, which broke the **[sp_dc cookie](#spotify-sp_dc-cookie)** method.  
+> 📦 The issue is under investigation to determine if it can be restored.  
+> 👉 In the meantime, use **[desktop client](#spotify-desktop-client)** method instead.  
+
 <a id="features"></a>
 ## Features
 
@@ -56,7 +60,9 @@ NOTE: If you're interested in tracking changes to Spotify users' profiles includ
 3. [Quick Start](#quick-start)
 4. [Configuration](#configuration)
    * [Configuration File](#configuration-file)
-   * [Spotify sp_dc Cookie](#spotify-sp_dc-cookie)
+   * [Spotify access token source](#spotify-access-token-source)
+      * [Spotify sp_dc Cookie](#spotify-sp_dc-cookie)
+      * [Spotify Desktop Client](#spotify-desktop-client)
    * [Following the Monitored User](#following-the-monitored-user)
    * [How to Get a Friend's User URI ID](#how-to-get-a-friends-user-uri-id)
    * [SMTP Settings](#smtp-settings)
@@ -153,8 +159,23 @@ spotify_monitor --generate-config > spotify_monitor.conf
 
 Edit the `spotify_monitor.conf` file and change any desired configuration options (detailed comments are provided for each).
 
+<a id="spotify-access-token-source"></a>
+#### Spotify access token source
+
+The tool supports two methods for obtaining a Spotify access token.
+
+It can be configured via the `TOKEN_SOURCE` configuration option or the `--token-source` flag. 
+
+The **recommended method** is `cookie` which uses the sp_dc cookie to retrieve a token from the Spotify web endpoint.
+
+The **alternative method** is `client` which uses captured credentials from the Spotify desktop client and a Protobuf-based login flow. This approach is intended for advanced users who want an indefinitely valid token with the widest scope.
+
+If no method is specified, the tool defaults to the `cookie` method.
+
 <a id="spotify-sp_dc-cookie"></a>
-### Spotify sp_dc Cookie
+#### Spotify sp_dc Cookie
+
+It is default method used to obtain a Spotify access token.
 
 Log in to [https://open.spotify.com/](https://open.spotify.com/) in your web browser.
 
@@ -170,11 +191,50 @@ Provide the `SP_DC_COOKIE` secret using one of the following methods:
 Fallback:
  - Hard-code it in the code or config file
 
-The `sp_dc` cookie is typically valid for up to 2 weeks. You will be informed by the tool once the cookie expires (proper message on the console and in email).
+You will be informed by the tool once the `sp_dc` cookie expires (proper message on the console and in email).
 
 If you store the `SP_DC_COOKIE` in a dotenv file you can update its value and send a `SIGHUP` signal to the process to reload the file with the new `sp_dc` cookie without restarting the tool. More info in [Storing Secrets](#storing-secrets) and [Signal Controls (macOS/Linux/Unix)](#signal-controls-macoslinuxunix).
 
-It is recommended to create a new Spotify account for use with the tool since we are not using the official Spotify Web API most of the time (as it does not support fetching friend activity).
+**Important**: It is strongly recommended to use a separate Spotify account with this tool. It does not rely on the official Spotify Web API for core features (like fetching friend activity), as it is not supported by the public API.
+
+<a id="spotify-desktop-client"></a>
+#### Spotify Desktop Client
+
+To use credentials captured from the Spotify desktop client to obtain an access token, set the `TOKEN_SOURCE` configuration option to `client` or use the `--token-source client` flag.
+
+Run an intercepting proxy of your choice (like [Proxyman](https://proxyman.com)).
+
+Launch the Spotify desktop client and look for POST requests to `https://login{n}.spotify.com/v3/login`
+
+Note: The `login` part is suffixed with one or more digits (e.g. `login5`).
+
+If you don't see this request, log out from the client and log back in.
+
+Export the login request body (a binary Protobuf payload) to a file.
+
+In Proxyman: ***right click the request → Export → Request Body → Save File***.
+
+<p align="center">
+   <img src="https://raw.githubusercontent.com/misiektoja/spotify_monitor/refs/heads/main/assets/proxyman_export_protobuf.png" alt="proxyman_export_protobuf" width="80%"/>
+</p>
+
+Then run the tool with `-w <path-to-login-request-body-file>`:
+
+```sh
+spotify_monitor --token-source client -w <path-to-login-request-body-file> <spotify_user_uri_id>
+```
+
+If successful, the tool will automatically extract the necessary fields and begin monitoring.
+
+You can also persist the Protobuf request file path using the `LOGIN_REQUEST_BODY_FILE` configuration option.
+
+The tool will automatically refresh both the access token and client token using the intercepted refresh token.
+
+Advanced options are available for further customization - refer to the configuration file comments. However, default settings should work for most cases.
+
+You will be informed by the tool once the refresh token expires (proper message on the console and in email).
+
+**Important**: It is strongly recommended to use a separate Spotify account with this tool. It does not rely on the official Spotify Web API for core features (like fetching friend activity), as it is not supported by the public API.
 
 <a id="following-the-monitored-user"></a>
 ### Following the Monitored User
@@ -259,7 +319,7 @@ To monitor specific user activity, just type [Spotify user URI ID](#how-to-get-a
 spotify_monitor <spotify_user_uri_id>
 ```
 
-If you have not set `SP_DC_COOKIE` secret, you can use `-u` flag:
+If you use the default method to obtain a Spotify access token (`cookie`) and have not set `SP_DC_COOKIE` secret, you can use `-u` flag:
 
 ```sh
 spotify_monitor <spotify_user_uri_id> -u "your_sp_dc_cookie_value"
@@ -461,7 +521,7 @@ List of supported signals:
 | PIPE | Toggle email notifications when user plays song on loop (-x) |
 | TRAP | Increase the inactivity check timer (by 30 seconds) (-o) |
 | ABRT | Decrease the inactivity check timer (by 30 seconds) (-o) |
-| HUP | Reload secrets from .env file |
+| HUP | Reload secrets from .env file and token source credentials from Protobuf files |
 
 Send signals with `kill` or `pkill`, e.g.:
 

{spotify_monitor-2.0rc2 → spotify_monitor-2.1.1}/README.md

@@ -4,6 +4,10 @@ spotify_monitor is a tool for real-time monitoring of Spotify friends' music act
 
 NOTE: If you're interested in tracking changes to Spotify users' profiles including their playlists, take a look at another tool I've developed: [spotify_profile_monitor](https://github.com/misiektoja/spotify_profile_monitor).
 
+> Spotify made multiple changes to the web endpoint on June 10th 2025, which broke the **[sp_dc cookie](#spotify-sp_dc-cookie)** method.  
+> 📦 The issue is under investigation to determine if it can be restored.  
+> 👉 In the meantime, use **[desktop client](#spotify-desktop-client)** method instead.  
+
 <a id="features"></a>
 ## Features
 
@@ -31,7 +35,9 @@ NOTE: If you're interested in tracking changes to Spotify users' profiles includ
 3. [Quick Start](#quick-start)
 4. [Configuration](#configuration)
    * [Configuration File](#configuration-file)
-   * [Spotify sp_dc Cookie](#spotify-sp_dc-cookie)
+   * [Spotify access token source](#spotify-access-token-source)
+      * [Spotify sp_dc Cookie](#spotify-sp_dc-cookie)
+      * [Spotify Desktop Client](#spotify-desktop-client)
    * [Following the Monitored User](#following-the-monitored-user)
    * [How to Get a Friend's User URI ID](#how-to-get-a-friends-user-uri-id)
    * [SMTP Settings](#smtp-settings)
@@ -128,8 +134,23 @@ spotify_monitor --generate-config > spotify_monitor.conf
 
 Edit the `spotify_monitor.conf` file and change any desired configuration options (detailed comments are provided for each).
 
+<a id="spotify-access-token-source"></a>
+#### Spotify access token source
+
+The tool supports two methods for obtaining a Spotify access token.
+
+It can be configured via the `TOKEN_SOURCE` configuration option or the `--token-source` flag. 
+
+The **recommended method** is `cookie` which uses the sp_dc cookie to retrieve a token from the Spotify web endpoint.
+
+The **alternative method** is `client` which uses captured credentials from the Spotify desktop client and a Protobuf-based login flow. This approach is intended for advanced users who want an indefinitely valid token with the widest scope.
+
+If no method is specified, the tool defaults to the `cookie` method.
+
 <a id="spotify-sp_dc-cookie"></a>
-### Spotify sp_dc Cookie
+#### Spotify sp_dc Cookie
+
+It is default method used to obtain a Spotify access token.
 
 Log in to [https://open.spotify.com/](https://open.spotify.com/) in your web browser.
 
@@ -145,11 +166,50 @@ Provide the `SP_DC_COOKIE` secret using one of the following methods:
 Fallback:
  - Hard-code it in the code or config file
 
-The `sp_dc` cookie is typically valid for up to 2 weeks. You will be informed by the tool once the cookie expires (proper message on the console and in email).
+You will be informed by the tool once the `sp_dc` cookie expires (proper message on the console and in email).
 
 If you store the `SP_DC_COOKIE` in a dotenv file you can update its value and send a `SIGHUP` signal to the process to reload the file with the new `sp_dc` cookie without restarting the tool. More info in [Storing Secrets](#storing-secrets) and [Signal Controls (macOS/Linux/Unix)](#signal-controls-macoslinuxunix).
 
-It is recommended to create a new Spotify account for use with the tool since we are not using the official Spotify Web API most of the time (as it does not support fetching friend activity).
+**Important**: It is strongly recommended to use a separate Spotify account with this tool. It does not rely on the official Spotify Web API for core features (like fetching friend activity), as it is not supported by the public API.
+
+<a id="spotify-desktop-client"></a>
+#### Spotify Desktop Client
+
+To use credentials captured from the Spotify desktop client to obtain an access token, set the `TOKEN_SOURCE` configuration option to `client` or use the `--token-source client` flag.
+
+Run an intercepting proxy of your choice (like [Proxyman](https://proxyman.com)).
+
+Launch the Spotify desktop client and look for POST requests to `https://login{n}.spotify.com/v3/login`
+
+Note: The `login` part is suffixed with one or more digits (e.g. `login5`).
+
+If you don't see this request, log out from the client and log back in.
+
+Export the login request body (a binary Protobuf payload) to a file.
+
+In Proxyman: ***right click the request → Export → Request Body → Save File***.
+
+<p align="center">
+   <img src="https://raw.githubusercontent.com/misiektoja/spotify_monitor/refs/heads/main/assets/proxyman_export_protobuf.png" alt="proxyman_export_protobuf" width="80%"/>
+</p>
+
+Then run the tool with `-w <path-to-login-request-body-file>`:
+
+```sh
+spotify_monitor --token-source client -w <path-to-login-request-body-file> <spotify_user_uri_id>
+```
+
+If successful, the tool will automatically extract the necessary fields and begin monitoring.
+
+You can also persist the Protobuf request file path using the `LOGIN_REQUEST_BODY_FILE` configuration option.
+
+The tool will automatically refresh both the access token and client token using the intercepted refresh token.
+
+Advanced options are available for further customization - refer to the configuration file comments. However, default settings should work for most cases.
+
+You will be informed by the tool once the refresh token expires (proper message on the console and in email).
+
+**Important**: It is strongly recommended to use a separate Spotify account with this tool. It does not rely on the official Spotify Web API for core features (like fetching friend activity), as it is not supported by the public API.
 
 <a id="following-the-monitored-user"></a>
 ### Following the Monitored User
@@ -234,7 +294,7 @@ To monitor specific user activity, just type [Spotify user URI ID](#how-to-get-a
 spotify_monitor <spotify_user_uri_id>
 ```
 
-If you have not set `SP_DC_COOKIE` secret, you can use `-u` flag:
+If you use the default method to obtain a Spotify access token (`cookie`) and have not set `SP_DC_COOKIE` secret, you can use `-u` flag:
 
 ```sh
 spotify_monitor <spotify_user_uri_id> -u "your_sp_dc_cookie_value"
@@ -436,7 +496,7 @@ List of supported signals:
 | PIPE | Toggle email notifications when user plays song on loop (-x) |
 | TRAP | Increase the inactivity check timer (by 30 seconds) (-o) |
 | ABRT | Decrease the inactivity check timer (by 30 seconds) (-o) |
-| HUP | Reload secrets from .env file |
+| HUP | Reload secrets from .env file and token source credentials from Protobuf files |
 
 Send signals with `kill` or `pkill`, e.g.:
 

{spotify_monitor-2.0rc2 → spotify_monitor-2.1.1}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "spotify_monitor"
-version = "2.0rc2"
+version = "2.1.1"
 description = "Tool implementing real-time tracking of Spotify friends music activity"
 readme = "README.md"
 license = "GPL-3.0-or-later"

{spotify_monitor-2.0rc2 → spotify_monitor-2.1.1}/spotify_monitor.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: spotify_monitor
-Version: 2.0rc2
+Version: 2.1.1
 Summary: Tool implementing real-time tracking of Spotify friends music activity
 Author-email: Michal Szymanski <misiektoja-pypi@rm-rf.ninja>
 License-Expression: GPL-3.0-or-later
@@ -29,6 +29,10 @@ spotify_monitor is a tool for real-time monitoring of Spotify friends' music act
 
 NOTE: If you're interested in tracking changes to Spotify users' profiles including their playlists, take a look at another tool I've developed: [spotify_profile_monitor](https://github.com/misiektoja/spotify_profile_monitor).
 
+> Spotify made multiple changes to the web endpoint on June 10th 2025, which broke the **[sp_dc cookie](#spotify-sp_dc-cookie)** method.  
+> 📦 The issue is under investigation to determine if it can be restored.  
+> 👉 In the meantime, use **[desktop client](#spotify-desktop-client)** method instead.  
+
 <a id="features"></a>
 ## Features
 
@@ -56,7 +60,9 @@ NOTE: If you're interested in tracking changes to Spotify users' profiles includ
 3. [Quick Start](#quick-start)
 4. [Configuration](#configuration)
    * [Configuration File](#configuration-file)
-   * [Spotify sp_dc Cookie](#spotify-sp_dc-cookie)
+   * [Spotify access token source](#spotify-access-token-source)
+      * [Spotify sp_dc Cookie](#spotify-sp_dc-cookie)
+      * [Spotify Desktop Client](#spotify-desktop-client)
    * [Following the Monitored User](#following-the-monitored-user)
    * [How to Get a Friend's User URI ID](#how-to-get-a-friends-user-uri-id)
    * [SMTP Settings](#smtp-settings)
@@ -153,8 +159,23 @@ spotify_monitor --generate-config > spotify_monitor.conf
 
 Edit the `spotify_monitor.conf` file and change any desired configuration options (detailed comments are provided for each).
 
+<a id="spotify-access-token-source"></a>
+#### Spotify access token source
+
+The tool supports two methods for obtaining a Spotify access token.
+
+It can be configured via the `TOKEN_SOURCE` configuration option or the `--token-source` flag. 
+
+The **recommended method** is `cookie` which uses the sp_dc cookie to retrieve a token from the Spotify web endpoint.
+
+The **alternative method** is `client` which uses captured credentials from the Spotify desktop client and a Protobuf-based login flow. This approach is intended for advanced users who want an indefinitely valid token with the widest scope.
+
+If no method is specified, the tool defaults to the `cookie` method.
+
 <a id="spotify-sp_dc-cookie"></a>
-### Spotify sp_dc Cookie
+#### Spotify sp_dc Cookie
+
+It is default method used to obtain a Spotify access token.
 
 Log in to [https://open.spotify.com/](https://open.spotify.com/) in your web browser.
 
@@ -170,11 +191,50 @@ Provide the `SP_DC_COOKIE` secret using one of the following methods:
 Fallback:
  - Hard-code it in the code or config file
 
-The `sp_dc` cookie is typically valid for up to 2 weeks. You will be informed by the tool once the cookie expires (proper message on the console and in email).
+You will be informed by the tool once the `sp_dc` cookie expires (proper message on the console and in email).
 
 If you store the `SP_DC_COOKIE` in a dotenv file you can update its value and send a `SIGHUP` signal to the process to reload the file with the new `sp_dc` cookie without restarting the tool. More info in [Storing Secrets](#storing-secrets) and [Signal Controls (macOS/Linux/Unix)](#signal-controls-macoslinuxunix).
 
-It is recommended to create a new Spotify account for use with the tool since we are not using the official Spotify Web API most of the time (as it does not support fetching friend activity).
+**Important**: It is strongly recommended to use a separate Spotify account with this tool. It does not rely on the official Spotify Web API for core features (like fetching friend activity), as it is not supported by the public API.
+
+<a id="spotify-desktop-client"></a>
+#### Spotify Desktop Client
+
+To use credentials captured from the Spotify desktop client to obtain an access token, set the `TOKEN_SOURCE` configuration option to `client` or use the `--token-source client` flag.
+
+Run an intercepting proxy of your choice (like [Proxyman](https://proxyman.com)).
+
+Launch the Spotify desktop client and look for POST requests to `https://login{n}.spotify.com/v3/login`
+
+Note: The `login` part is suffixed with one or more digits (e.g. `login5`).
+
+If you don't see this request, log out from the client and log back in.
+
+Export the login request body (a binary Protobuf payload) to a file.
+
+In Proxyman: ***right click the request → Export → Request Body → Save File***.
+
+<p align="center">
+   <img src="https://raw.githubusercontent.com/misiektoja/spotify_monitor/refs/heads/main/assets/proxyman_export_protobuf.png" alt="proxyman_export_protobuf" width="80%"/>
+</p>
+
+Then run the tool with `-w <path-to-login-request-body-file>`:
+
+```sh
+spotify_monitor --token-source client -w <path-to-login-request-body-file> <spotify_user_uri_id>
+```
+
+If successful, the tool will automatically extract the necessary fields and begin monitoring.
+
+You can also persist the Protobuf request file path using the `LOGIN_REQUEST_BODY_FILE` configuration option.
+
+The tool will automatically refresh both the access token and client token using the intercepted refresh token.
+
+Advanced options are available for further customization - refer to the configuration file comments. However, default settings should work for most cases.
+
+You will be informed by the tool once the refresh token expires (proper message on the console and in email).
+
+**Important**: It is strongly recommended to use a separate Spotify account with this tool. It does not rely on the official Spotify Web API for core features (like fetching friend activity), as it is not supported by the public API.
 
 <a id="following-the-monitored-user"></a>
 ### Following the Monitored User
@@ -259,7 +319,7 @@ To monitor specific user activity, just type [Spotify user URI ID](#how-to-get-a
 spotify_monitor <spotify_user_uri_id>
 ```
 
-If you have not set `SP_DC_COOKIE` secret, you can use `-u` flag:
+If you use the default method to obtain a Spotify access token (`cookie`) and have not set `SP_DC_COOKIE` secret, you can use `-u` flag:
 
 ```sh
 spotify_monitor <spotify_user_uri_id> -u "your_sp_dc_cookie_value"
@@ -461,7 +521,7 @@ List of supported signals:
 | PIPE | Toggle email notifications when user plays song on loop (-x) |
 | TRAP | Increase the inactivity check timer (by 30 seconds) (-o) |
 | ABRT | Decrease the inactivity check timer (by 30 seconds) (-o) |
-| HUP | Reload secrets from .env file |
+| HUP | Reload secrets from .env file and token source credentials from Protobuf files |
 
 Send signals with `kill` or `pkill`, e.g.: