spotify-profile-monitor 3.0__tar.gz → 3.1__tar.gz

{spotify_profile_monitor-3.0 → spotify_profile_monitor-3.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: spotify_profile_monitor
-Version: 3.0
+Version: 3.1
 Summary: Tool implementing real-time tracking of Spotify users activities and profile changes including playlists
 Author-email: Michal Szymanski <misiektoja-pypi@rm-rf.ninja>
 License-Expression: GPL-3.0-or-later
@@ -54,7 +54,7 @@ OSINT tool for real-time monitoring of **Spotify users' activities and profile c
 - Ability to **display and export** the list of tracks for a specific playlist (including **Liked Songs** for the user who owns the Spotify access token)
 - **Saving all profile changes** (including playlists) with timestamps to the **CSV file**
 - **Clickable** **Spotify**, **Apple Music**, **YouTube Music**, **Amazon Music**, **Deezer**, **Tidal**, **Genius Lyrics**, **AZLyrics**, **Tekstowo.pl**, **Musixmatch** and **Lyrics.com** search URLs printed in the console and included in email notifications (configurable per service)
-- Support for **four different methods to get a Spotify access token** (`sp_dc cookie`, `desktop client`, `OAuth app`, `OAuth user`)
+- Support for **hybrid authentication approach** to get a **Spotify access token** (`sp_dc cookie`/`desktop client` + `OAuth app`, or standalone `OAuth app`/`OAuth user`)
 - Possibility to **control the running copy** of the script via signals
 - **Functional, procedural Python** (minimal OOP)
 
@@ -156,17 +156,16 @@ If you installed manually, download the newest *[spotify_profile_monitor.py](htt
 <a id="quick-start"></a>
 ## Quick Start
 
-- Grab your [Spotify sp_dc cookie](#spotify-sp_dc-cookie) and track the `spotify_user_uri_id` profile changes (including playlists):
-
+- Grab your [Spotify sp_dc cookie](#spotify-sp_dc-cookie), set up [OAuth app credentials](#spotify-oauth-app) and track the `spotify_user_uri_id` profile changes (including playlists):
 
 ```sh
-spotify_profile_monitor <spotify_user_uri_id> -u "your_sp_dc_cookie_value"
+spotify_profile_monitor <spotify_user_uri_id> -u "your_sp_dc_cookie_value" -r "your_spotify_app_client_id:your_spotify_app_client_secret"
 ```
 
 Or if you installed [manually](#manual-installation):
 
 ```sh
-python3 spotify_profile_monitor.py <spotify_user_uri_id> -u "your_sp_dc_cookie_value"
+python3 spotify_profile_monitor.py <spotify_user_uri_id> -u "your_sp_dc_cookie_value" -r "your_spotify_app_client_id:your_spotify_app_client_secret"
 ```
 
 To get the list of all supported command-line arguments / flags:
@@ -192,6 +191,8 @@ spotify_profile_monitor --generate-config > spotify_profile_monitor.conf
 
 Edit the `spotify_profile_monitor.conf` file and change any desired configuration options (detailed comments are provided for each).
 
+**New in v3.1:** The tool now uses a hybrid authentication approach. OAuth app credentials (`SP_APP_CLIENT_ID`, `SP_APP_CLIENT_SECRET`) are required for playlist and user information retrieval when using either `cookie` or `client` token source methods. See [Spotify OAuth App](#spotify-oauth-app) section for setup instructions.
+
 **New in v2.9:** The configuration file includes options to enable/disable music service URLs (Apple Music, YouTube Music, Amazon Music, Deezer, Tidal) and lyrics service URLs (Genius, AZLyrics, Tekstowo.pl, Musixmatch, Lyrics.com) in console and email outputs.
 
 <a id="spotify-access-token-source"></a>
@@ -199,16 +200,23 @@ Edit the `spotify_profile_monitor.conf` file and change any desired configuratio
 
 The tool supports four methods for obtaining a Spotify access token.
 
-It can be configured via the `TOKEN_SOURCE` configuration option or the `--token-source` flag.
+When you decide to use the `cookie` or `client` token source method, the tool uses a **hybrid authentication approach** and you also need to configure **OAuth app credentials** (`SP_APP_CLIENT_ID`, `SP_APP_CLIENT_SECRET`) for playlist and user information retrieval as described in [Spotify OAuth App](#spotify-oauth-app).
+
+The token source method can be configured via the `TOKEN_SOURCE` configuration option or the `--token-source` flag.
 
 **Recommended: `cookie`**
 
 Uses the `sp_dc` cookie to retrieve a token from the Spotify web endpoint. This method is easy to set up and supports all features except fetching the list of liked tracks for the account that owns the access token (due to recent Spotify token's scope restrictions).
 
+Since version 3.1, due to Spotify restrictions introduced on December 22, 2025, it no longer shows other users' playlists added to a user's profile unless the user is a collaborator on a playlist owned by another user.
+
+
 **Alternative: `client`**
 
 Uses captured credentials from the Spotify desktop client and a Protobuf-based login flow. It's more complex to set up, but supports all features. This method is intended for advanced users who want a long-lasting token with the broadest possible access.
 
+Since version 3.1, due to Spotify restrictions introduced on December 22, 2025, it no longer shows other users' playlists added to a user's profile unless the user is a collaborator on a playlist owned by another user.
+
 **Safe fallback: `oauth_app`**
 
 Relies on the official Spotify Web API (Client Credentials OAuth flow). This method is easy to set up and safe to use, but has several limitations. The following features are **not** supported:
@@ -263,7 +271,7 @@ If your `sp_dc` cookie expires, the tool will notify you via the console and ema
 
 If you store the `SP_DC_COOKIE` in a dotenv file you can update its value and send a `SIGHUP` signal to reload the file with the new `sp_dc` cookie without restarting the tool. More info in [Storing Secrets](#storing-secrets) and [Signal Controls (macOS/Linux/Unix)](#signal-controls-macoslinuxunix).
 
-> **NOTE:** secrets used for TOTP generation (`SECRET_CIPHER_DICT`) expire every two days, that's why since v2.7 the tool fetches it from remote URL (see `SECRET_CIPHER_DICT_URL`); you can also run the [spotify_monitor_secret_grabber](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_secret_grabber.py) and extract it by yourself (see [Secret Key Extraction from Spotify Web Player Bundles](#secret-key-extraction-from-spotify-web-player-bundles) for more info).
+> **NOTE:** secrets used for TOTP generation (`SECRET_CIPHER_DICT`) expire every few days, that's why since v2.7 the tool fetches it from remote URL (see `SECRET_CIPHER_DICT_URL`); you can also run the [spotify_monitor_secret_grabber](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_secret_grabber.py) and extract it by yourself (see [Secret Key Extraction from Spotify Web Player Bundles](#secret-key-extraction-from-spotify-web-player-bundles) for more info).
 
 <a id="spotify-desktop-client"></a>
 #### Spotify Desktop Client
@@ -318,39 +326,42 @@ Advanced options are available for further customization - refer to the configur
 <a id="spotify-oauth-app"></a>
 #### Spotify OAuth App
 
+Can be used as a standalone mode, but also as a secondary mode to either a `cookie` or `client` token source method to retrieve playlist and user information (required due to restrictions introduced by Spotify on December 22, 2025).
+
 This method uses an official Spotify Web API (Client Credentials OAuth flow).
 
-- Log in to Spotify Developer dashboard: https://developer.spotify.com/dashboard
+To obtain the credentials:
+
+- Log in to [Spotify Developer dashboard](https://developer.spotify.com/dashboard)
 
 - Create a new app
 
-- For **Redirect URL**, use: http://127.0.0.1:1234
-   - The URL must match exactly as shown, including not having a / at the end
-   - When copying the link via right-click, some browsers may add an extra / to the URL
+- For **Redirect URL**, use: `http://127.0.0.1:1234`
+   - The URL must match exactly as shown, including not having a `/` at the end
+   - When copying the link via right-click, some browsers may add an extra `/` to the URL
 
 - Select **Web API** as the intended API
 
 - Copy the **Client ID** and **Client Secret**
 
 - Provide the `SP_APP_CLIENT_ID` and `SP_APP_CLIENT_SECRET` secrets using one of the following methods:
-   - Pass it at runtime with `-r` / `--oauth-app-creds`
-      - Use `SP_APP_CLIENT_ID`:`SP_APP_CLIENT_SECRET` format - note the colon separator
+   - Pass it at runtime with `-r` / `--oauth-app-creds` (use `SP_APP_CLIENT_ID:SP_APP_CLIENT_SECRET` format - note the colon separator)
    - Set it as an [environment variable](#storing-secrets) (e.g. `export SP_APP_CLIENT_ID=...; export SP_APP_CLIENT_SECRET=...`)
    - Add it to [.env file](#storing-secrets) (`SP_APP_CLIENT_ID=...` and `SP_APP_CLIENT_SECRET=...`) for persistent use
    - Fallback: hard-code it in the code or config file
 
-You can use the same client ID and secret values as those used for the [Spotify OAuth User](#spotify-oauth-user).
-
 Example:
 
 ```sh
 spotify_profile_monitor --token-source oauth_app -r "your_spotify_app_client_id:your_spotify_app_client_secret" <spotify_user_uri_id>
 ```
 
-The tool takes care of refreshing the access token so it should remain valid indefinitely.
+The tool automatically refreshes the OAuth app access token, so it remains valid indefinitely. Tokens are cached in the file specified by `SP_APP_TOKENS_FILE` configuration option (default: `.spotify-profile-monitor-oauth-app.json`).
 
 If you store the `SP_APP_CLIENT_ID` and `SP_APP_CLIENT_SECRET` in a dotenv file you can update their values and send a `SIGHUP` signal to reload the file with the new secret values without restarting the tool. More info in [Storing Secrets](#storing-secrets) and [Signal Controls (macOS/Linux/Unix)](#signal-controls-macoslinuxunix).
 
+You can also use this method as a standalone token source (without `cookie` or `client`) by setting `TOKEN_SOURCE` to `oauth_app`, but this has several limitations as described in the [Spotify access token source](#spotify-access-token-source) section.
+
 <a id="spotify-oauth-user"></a>
 #### Spotify OAuth User
 
@@ -529,6 +540,14 @@ If you use the default method to obtain a Spotify access token (`cookie`) and ha
 spotify_profile_monitor <spotify_user_uri_id> -u "your_sp_dc_cookie_value"
 ```
 
+**Note:** OAuth app credentials are now required for playlist and user information retrieval. If you haven't set `SP_APP_CLIENT_ID` and `SP_APP_CLIENT_SECRET` via environment variables or `.env` file, you can use the `-r` flag:
+
+```sh
+spotify_profile_monitor <spotify_user_uri_id> -u "your_sp_dc_cookie_value" -r "your_spotify_app_client_id:your_spotify_app_client_secret"
+```
+
+See [Spotify OAuth App](#spotify-oauth-app) for detailed setup instructions.
+
 By default, the tool looks for a configuration file named `spotify_profile_monitor.conf` in:
  - current directory
  - home directory (`~`)
@@ -661,12 +680,6 @@ If you want to display a list of recently played artists (this feature only work
 spotify_profile_monitor <spotify_user_uri_id> -a
 ```
 
-To get basic information about the Spotify access token owner (`-v` flag):
-
-```sh
-spotify_profile_monitor -v
-```
-
 If you want to search the Spotify catalog for users with a specific name to obtain their Spotify user URI ID (`-s` flag):
 
 ```sh
@@ -873,7 +886,7 @@ You should get a valid Spotify access token, example output:
    <img src="https://raw.githubusercontent.com/misiektoja/spotify_monitor/refs/heads/main/assets/spotify_monitor_totp_test.png" alt="spotify_monitor_totp_test" width="100%"/>
 </p>
 
-> **NOTE:** secrets used for TOTP generation (`SECRET_CIPHER_DICT`) expire every two days; you can either run the [spotify_monitor_secret_grabber](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_secret_grabber.py) and extract it by yourself (see [here](#secret-key-extraction-from-spotify-web-player-bundles) for more info) or you can pass `--fetch-secrets` flag in `spotify_monitor_totp_test` (available since v1.6). There is also a [xyloflake/spot-secrets-go/](https://github.com/xyloflake/spot-secrets-go/) repo which offers JSON files that are automatically updated with current secrets (you can pass `--download-secrets` flag in `spotify_monitor_totp_test` to get it automatically from remote URL, available since v1.8).
+> **NOTE:** secrets used for TOTP generation (`SECRET_CIPHER_DICT`) expire every few days; you can either run the [spotify_monitor_secret_grabber](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_secret_grabber.py) and extract it by yourself (see [here](#secret-key-extraction-from-spotify-web-player-bundles) for more info) or you can pass `--fetch-secrets` flag in `spotify_monitor_totp_test` (available since v1.6). There is also a [xyloflake/spot-secrets-go/](https://github.com/xyloflake/spot-secrets-go/) repo which offers JSON files that are automatically updated with current secrets (you can pass `--download-secrets` flag in `spotify_monitor_totp_test` to get it automatically from remote URL, available since v1.8).
 
 <a id="secret-key-extraction-from-spotify-web-player-bundles"></a>
 ### Secret Key Extraction from Spotify Web Player Bundles

{spotify_profile_monitor-3.0 → spotify_profile_monitor-3.1}/README.md

@@ -25,7 +25,7 @@ OSINT tool for real-time monitoring of **Spotify users' activities and profile c
 - Ability to **display and export** the list of tracks for a specific playlist (including **Liked Songs** for the user who owns the Spotify access token)
 - **Saving all profile changes** (including playlists) with timestamps to the **CSV file**
 - **Clickable** **Spotify**, **Apple Music**, **YouTube Music**, **Amazon Music**, **Deezer**, **Tidal**, **Genius Lyrics**, **AZLyrics**, **Tekstowo.pl**, **Musixmatch** and **Lyrics.com** search URLs printed in the console and included in email notifications (configurable per service)
-- Support for **four different methods to get a Spotify access token** (`sp_dc cookie`, `desktop client`, `OAuth app`, `OAuth user`)
+- Support for **hybrid authentication approach** to get a **Spotify access token** (`sp_dc cookie`/`desktop client` + `OAuth app`, or standalone `OAuth app`/`OAuth user`)
 - Possibility to **control the running copy** of the script via signals
 - **Functional, procedural Python** (minimal OOP)
 
@@ -127,17 +127,16 @@ If you installed manually, download the newest *[spotify_profile_monitor.py](htt
 <a id="quick-start"></a>
 ## Quick Start
 
-- Grab your [Spotify sp_dc cookie](#spotify-sp_dc-cookie) and track the `spotify_user_uri_id` profile changes (including playlists):
-
+- Grab your [Spotify sp_dc cookie](#spotify-sp_dc-cookie), set up [OAuth app credentials](#spotify-oauth-app) and track the `spotify_user_uri_id` profile changes (including playlists):
 
 ```sh
-spotify_profile_monitor <spotify_user_uri_id> -u "your_sp_dc_cookie_value"
+spotify_profile_monitor <spotify_user_uri_id> -u "your_sp_dc_cookie_value" -r "your_spotify_app_client_id:your_spotify_app_client_secret"
 ```
 
 Or if you installed [manually](#manual-installation):
 
 ```sh
-python3 spotify_profile_monitor.py <spotify_user_uri_id> -u "your_sp_dc_cookie_value"
+python3 spotify_profile_monitor.py <spotify_user_uri_id> -u "your_sp_dc_cookie_value" -r "your_spotify_app_client_id:your_spotify_app_client_secret"
 ```
 
 To get the list of all supported command-line arguments / flags:
@@ -163,6 +162,8 @@ spotify_profile_monitor --generate-config > spotify_profile_monitor.conf
 
 Edit the `spotify_profile_monitor.conf` file and change any desired configuration options (detailed comments are provided for each).
 
+**New in v3.1:** The tool now uses a hybrid authentication approach. OAuth app credentials (`SP_APP_CLIENT_ID`, `SP_APP_CLIENT_SECRET`) are required for playlist and user information retrieval when using either `cookie` or `client` token source methods. See [Spotify OAuth App](#spotify-oauth-app) section for setup instructions.
+
 **New in v2.9:** The configuration file includes options to enable/disable music service URLs (Apple Music, YouTube Music, Amazon Music, Deezer, Tidal) and lyrics service URLs (Genius, AZLyrics, Tekstowo.pl, Musixmatch, Lyrics.com) in console and email outputs.
 
 <a id="spotify-access-token-source"></a>
@@ -170,16 +171,23 @@ Edit the `spotify_profile_monitor.conf` file and change any desired configuratio
 
 The tool supports four methods for obtaining a Spotify access token.
 
-It can be configured via the `TOKEN_SOURCE` configuration option or the `--token-source` flag.
+When you decide to use the `cookie` or `client` token source method, the tool uses a **hybrid authentication approach** and you also need to configure **OAuth app credentials** (`SP_APP_CLIENT_ID`, `SP_APP_CLIENT_SECRET`) for playlist and user information retrieval as described in [Spotify OAuth App](#spotify-oauth-app).
+
+The token source method can be configured via the `TOKEN_SOURCE` configuration option or the `--token-source` flag.
 
 **Recommended: `cookie`**
 
 Uses the `sp_dc` cookie to retrieve a token from the Spotify web endpoint. This method is easy to set up and supports all features except fetching the list of liked tracks for the account that owns the access token (due to recent Spotify token's scope restrictions).
 
+Since version 3.1, due to Spotify restrictions introduced on December 22, 2025, it no longer shows other users' playlists added to a user's profile unless the user is a collaborator on a playlist owned by another user.
+
+
 **Alternative: `client`**
 
 Uses captured credentials from the Spotify desktop client and a Protobuf-based login flow. It's more complex to set up, but supports all features. This method is intended for advanced users who want a long-lasting token with the broadest possible access.
 
+Since version 3.1, due to Spotify restrictions introduced on December 22, 2025, it no longer shows other users' playlists added to a user's profile unless the user is a collaborator on a playlist owned by another user.
+
 **Safe fallback: `oauth_app`**
 
 Relies on the official Spotify Web API (Client Credentials OAuth flow). This method is easy to set up and safe to use, but has several limitations. The following features are **not** supported:
@@ -234,7 +242,7 @@ If your `sp_dc` cookie expires, the tool will notify you via the console and ema
 
 If you store the `SP_DC_COOKIE` in a dotenv file you can update its value and send a `SIGHUP` signal to reload the file with the new `sp_dc` cookie without restarting the tool. More info in [Storing Secrets](#storing-secrets) and [Signal Controls (macOS/Linux/Unix)](#signal-controls-macoslinuxunix).
 
-> **NOTE:** secrets used for TOTP generation (`SECRET_CIPHER_DICT`) expire every two days, that's why since v2.7 the tool fetches it from remote URL (see `SECRET_CIPHER_DICT_URL`); you can also run the [spotify_monitor_secret_grabber](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_secret_grabber.py) and extract it by yourself (see [Secret Key Extraction from Spotify Web Player Bundles](#secret-key-extraction-from-spotify-web-player-bundles) for more info).
+> **NOTE:** secrets used for TOTP generation (`SECRET_CIPHER_DICT`) expire every few days, that's why since v2.7 the tool fetches it from remote URL (see `SECRET_CIPHER_DICT_URL`); you can also run the [spotify_monitor_secret_grabber](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_secret_grabber.py) and extract it by yourself (see [Secret Key Extraction from Spotify Web Player Bundles](#secret-key-extraction-from-spotify-web-player-bundles) for more info).
 
 <a id="spotify-desktop-client"></a>
 #### Spotify Desktop Client
@@ -289,39 +297,42 @@ Advanced options are available for further customization - refer to the configur
 <a id="spotify-oauth-app"></a>
 #### Spotify OAuth App
 
+Can be used as a standalone mode, but also as a secondary mode to either a `cookie` or `client` token source method to retrieve playlist and user information (required due to restrictions introduced by Spotify on December 22, 2025).
+
 This method uses an official Spotify Web API (Client Credentials OAuth flow).
 
-- Log in to Spotify Developer dashboard: https://developer.spotify.com/dashboard
+To obtain the credentials:
+
+- Log in to [Spotify Developer dashboard](https://developer.spotify.com/dashboard)
 
 - Create a new app
 
-- For **Redirect URL**, use: http://127.0.0.1:1234
-   - The URL must match exactly as shown, including not having a / at the end
-   - When copying the link via right-click, some browsers may add an extra / to the URL
+- For **Redirect URL**, use: `http://127.0.0.1:1234`
+   - The URL must match exactly as shown, including not having a `/` at the end
+   - When copying the link via right-click, some browsers may add an extra `/` to the URL
 
 - Select **Web API** as the intended API
 
 - Copy the **Client ID** and **Client Secret**
 
 - Provide the `SP_APP_CLIENT_ID` and `SP_APP_CLIENT_SECRET` secrets using one of the following methods:
-   - Pass it at runtime with `-r` / `--oauth-app-creds`
-      - Use `SP_APP_CLIENT_ID`:`SP_APP_CLIENT_SECRET` format - note the colon separator
+   - Pass it at runtime with `-r` / `--oauth-app-creds` (use `SP_APP_CLIENT_ID:SP_APP_CLIENT_SECRET` format - note the colon separator)
    - Set it as an [environment variable](#storing-secrets) (e.g. `export SP_APP_CLIENT_ID=...; export SP_APP_CLIENT_SECRET=...`)
    - Add it to [.env file](#storing-secrets) (`SP_APP_CLIENT_ID=...` and `SP_APP_CLIENT_SECRET=...`) for persistent use
    - Fallback: hard-code it in the code or config file
 
-You can use the same client ID and secret values as those used for the [Spotify OAuth User](#spotify-oauth-user).
-
 Example:
 
 ```sh
 spotify_profile_monitor --token-source oauth_app -r "your_spotify_app_client_id:your_spotify_app_client_secret" <spotify_user_uri_id>
 ```
 
-The tool takes care of refreshing the access token so it should remain valid indefinitely.
+The tool automatically refreshes the OAuth app access token, so it remains valid indefinitely. Tokens are cached in the file specified by `SP_APP_TOKENS_FILE` configuration option (default: `.spotify-profile-monitor-oauth-app.json`).
 
 If you store the `SP_APP_CLIENT_ID` and `SP_APP_CLIENT_SECRET` in a dotenv file you can update their values and send a `SIGHUP` signal to reload the file with the new secret values without restarting the tool. More info in [Storing Secrets](#storing-secrets) and [Signal Controls (macOS/Linux/Unix)](#signal-controls-macoslinuxunix).
 
+You can also use this method as a standalone token source (without `cookie` or `client`) by setting `TOKEN_SOURCE` to `oauth_app`, but this has several limitations as described in the [Spotify access token source](#spotify-access-token-source) section.
+
 <a id="spotify-oauth-user"></a>
 #### Spotify OAuth User
 
@@ -500,6 +511,14 @@ If you use the default method to obtain a Spotify access token (`cookie`) and ha
 spotify_profile_monitor <spotify_user_uri_id> -u "your_sp_dc_cookie_value"
 ```
 
+**Note:** OAuth app credentials are now required for playlist and user information retrieval. If you haven't set `SP_APP_CLIENT_ID` and `SP_APP_CLIENT_SECRET` via environment variables or `.env` file, you can use the `-r` flag:
+
+```sh
+spotify_profile_monitor <spotify_user_uri_id> -u "your_sp_dc_cookie_value" -r "your_spotify_app_client_id:your_spotify_app_client_secret"
+```
+
+See [Spotify OAuth App](#spotify-oauth-app) for detailed setup instructions.
+
 By default, the tool looks for a configuration file named `spotify_profile_monitor.conf` in:
  - current directory
  - home directory (`~`)
@@ -632,12 +651,6 @@ If you want to display a list of recently played artists (this feature only work
 spotify_profile_monitor <spotify_user_uri_id> -a
 ```
 
-To get basic information about the Spotify access token owner (`-v` flag):
-
-```sh
-spotify_profile_monitor -v
-```
-
 If you want to search the Spotify catalog for users with a specific name to obtain their Spotify user URI ID (`-s` flag):
 
 ```sh
@@ -844,7 +857,7 @@ You should get a valid Spotify access token, example output:
    <img src="https://raw.githubusercontent.com/misiektoja/spotify_monitor/refs/heads/main/assets/spotify_monitor_totp_test.png" alt="spotify_monitor_totp_test" width="100%"/>
 </p>
 
-> **NOTE:** secrets used for TOTP generation (`SECRET_CIPHER_DICT`) expire every two days; you can either run the [spotify_monitor_secret_grabber](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_secret_grabber.py) and extract it by yourself (see [here](#secret-key-extraction-from-spotify-web-player-bundles) for more info) or you can pass `--fetch-secrets` flag in `spotify_monitor_totp_test` (available since v1.6). There is also a [xyloflake/spot-secrets-go/](https://github.com/xyloflake/spot-secrets-go/) repo which offers JSON files that are automatically updated with current secrets (you can pass `--download-secrets` flag in `spotify_monitor_totp_test` to get it automatically from remote URL, available since v1.8).
+> **NOTE:** secrets used for TOTP generation (`SECRET_CIPHER_DICT`) expire every few days; you can either run the [spotify_monitor_secret_grabber](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_secret_grabber.py) and extract it by yourself (see [here](#secret-key-extraction-from-spotify-web-player-bundles) for more info) or you can pass `--fetch-secrets` flag in `spotify_monitor_totp_test` (available since v1.6). There is also a [xyloflake/spot-secrets-go/](https://github.com/xyloflake/spot-secrets-go/) repo which offers JSON files that are automatically updated with current secrets (you can pass `--download-secrets` flag in `spotify_monitor_totp_test` to get it automatically from remote URL, available since v1.8).
 
 <a id="secret-key-extraction-from-spotify-web-player-bundles"></a>
 ### Secret Key Extraction from Spotify Web Player Bundles

{spotify_profile_monitor-3.0 → spotify_profile_monitor-3.1}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "spotify_profile_monitor"
-version = "3.0"
+version = "3.1"
 description = "Tool implementing real-time tracking of Spotify users activities and profile changes including playlists"
 readme = "README.md"
 license = "GPL-3.0-or-later"

{spotify_profile_monitor-3.0 → spotify_profile_monitor-3.1}/spotify_profile_monitor.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: spotify_profile_monitor
-Version: 3.0
+Version: 3.1
 Summary: Tool implementing real-time tracking of Spotify users activities and profile changes including playlists
 Author-email: Michal Szymanski <misiektoja-pypi@rm-rf.ninja>
 License-Expression: GPL-3.0-or-later
@@ -54,7 +54,7 @@ OSINT tool for real-time monitoring of **Spotify users' activities and profile c
 - Ability to **display and export** the list of tracks for a specific playlist (including **Liked Songs** for the user who owns the Spotify access token)
 - **Saving all profile changes** (including playlists) with timestamps to the **CSV file**
 - **Clickable** **Spotify**, **Apple Music**, **YouTube Music**, **Amazon Music**, **Deezer**, **Tidal**, **Genius Lyrics**, **AZLyrics**, **Tekstowo.pl**, **Musixmatch** and **Lyrics.com** search URLs printed in the console and included in email notifications (configurable per service)
-- Support for **four different methods to get a Spotify access token** (`sp_dc cookie`, `desktop client`, `OAuth app`, `OAuth user`)
+- Support for **hybrid authentication approach** to get a **Spotify access token** (`sp_dc cookie`/`desktop client` + `OAuth app`, or standalone `OAuth app`/`OAuth user`)
 - Possibility to **control the running copy** of the script via signals
 - **Functional, procedural Python** (minimal OOP)
 
@@ -156,17 +156,16 @@ If you installed manually, download the newest *[spotify_profile_monitor.py](htt
 <a id="quick-start"></a>
 ## Quick Start
 
-- Grab your [Spotify sp_dc cookie](#spotify-sp_dc-cookie) and track the `spotify_user_uri_id` profile changes (including playlists):
-
+- Grab your [Spotify sp_dc cookie](#spotify-sp_dc-cookie), set up [OAuth app credentials](#spotify-oauth-app) and track the `spotify_user_uri_id` profile changes (including playlists):
 
 ```sh
-spotify_profile_monitor <spotify_user_uri_id> -u "your_sp_dc_cookie_value"
+spotify_profile_monitor <spotify_user_uri_id> -u "your_sp_dc_cookie_value" -r "your_spotify_app_client_id:your_spotify_app_client_secret"
 ```
 
 Or if you installed [manually](#manual-installation):
 
 ```sh
-python3 spotify_profile_monitor.py <spotify_user_uri_id> -u "your_sp_dc_cookie_value"
+python3 spotify_profile_monitor.py <spotify_user_uri_id> -u "your_sp_dc_cookie_value" -r "your_spotify_app_client_id:your_spotify_app_client_secret"
 ```
 
 To get the list of all supported command-line arguments / flags:
@@ -192,6 +191,8 @@ spotify_profile_monitor --generate-config > spotify_profile_monitor.conf
 
 Edit the `spotify_profile_monitor.conf` file and change any desired configuration options (detailed comments are provided for each).
 
+**New in v3.1:** The tool now uses a hybrid authentication approach. OAuth app credentials (`SP_APP_CLIENT_ID`, `SP_APP_CLIENT_SECRET`) are required for playlist and user information retrieval when using either `cookie` or `client` token source methods. See [Spotify OAuth App](#spotify-oauth-app) section for setup instructions.
+
 **New in v2.9:** The configuration file includes options to enable/disable music service URLs (Apple Music, YouTube Music, Amazon Music, Deezer, Tidal) and lyrics service URLs (Genius, AZLyrics, Tekstowo.pl, Musixmatch, Lyrics.com) in console and email outputs.
 
 <a id="spotify-access-token-source"></a>
@@ -199,16 +200,23 @@ Edit the `spotify_profile_monitor.conf` file and change any desired configuratio
 
 The tool supports four methods for obtaining a Spotify access token.
 
-It can be configured via the `TOKEN_SOURCE` configuration option or the `--token-source` flag.
+When you decide to use the `cookie` or `client` token source method, the tool uses a **hybrid authentication approach** and you also need to configure **OAuth app credentials** (`SP_APP_CLIENT_ID`, `SP_APP_CLIENT_SECRET`) for playlist and user information retrieval as described in [Spotify OAuth App](#spotify-oauth-app).
+
+The token source method can be configured via the `TOKEN_SOURCE` configuration option or the `--token-source` flag.
 
 **Recommended: `cookie`**
 
 Uses the `sp_dc` cookie to retrieve a token from the Spotify web endpoint. This method is easy to set up and supports all features except fetching the list of liked tracks for the account that owns the access token (due to recent Spotify token's scope restrictions).
 
+Since version 3.1, due to Spotify restrictions introduced on December 22, 2025, it no longer shows other users' playlists added to a user's profile unless the user is a collaborator on a playlist owned by another user.
+
+
 **Alternative: `client`**
 
 Uses captured credentials from the Spotify desktop client and a Protobuf-based login flow. It's more complex to set up, but supports all features. This method is intended for advanced users who want a long-lasting token with the broadest possible access.
 
+Since version 3.1, due to Spotify restrictions introduced on December 22, 2025, it no longer shows other users' playlists added to a user's profile unless the user is a collaborator on a playlist owned by another user.
+
 **Safe fallback: `oauth_app`**
 
 Relies on the official Spotify Web API (Client Credentials OAuth flow). This method is easy to set up and safe to use, but has several limitations. The following features are **not** supported:
@@ -263,7 +271,7 @@ If your `sp_dc` cookie expires, the tool will notify you via the console and ema
 
 If you store the `SP_DC_COOKIE` in a dotenv file you can update its value and send a `SIGHUP` signal to reload the file with the new `sp_dc` cookie without restarting the tool. More info in [Storing Secrets](#storing-secrets) and [Signal Controls (macOS/Linux/Unix)](#signal-controls-macoslinuxunix).
 
-> **NOTE:** secrets used for TOTP generation (`SECRET_CIPHER_DICT`) expire every two days, that's why since v2.7 the tool fetches it from remote URL (see `SECRET_CIPHER_DICT_URL`); you can also run the [spotify_monitor_secret_grabber](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_secret_grabber.py) and extract it by yourself (see [Secret Key Extraction from Spotify Web Player Bundles](#secret-key-extraction-from-spotify-web-player-bundles) for more info).
+> **NOTE:** secrets used for TOTP generation (`SECRET_CIPHER_DICT`) expire every few days, that's why since v2.7 the tool fetches it from remote URL (see `SECRET_CIPHER_DICT_URL`); you can also run the [spotify_monitor_secret_grabber](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_secret_grabber.py) and extract it by yourself (see [Secret Key Extraction from Spotify Web Player Bundles](#secret-key-extraction-from-spotify-web-player-bundles) for more info).
 
 <a id="spotify-desktop-client"></a>
 #### Spotify Desktop Client
@@ -318,39 +326,42 @@ Advanced options are available for further customization - refer to the configur
 <a id="spotify-oauth-app"></a>
 #### Spotify OAuth App
 
+Can be used as a standalone mode, but also as a secondary mode to either a `cookie` or `client` token source method to retrieve playlist and user information (required due to restrictions introduced by Spotify on December 22, 2025).
+
 This method uses an official Spotify Web API (Client Credentials OAuth flow).
 
-- Log in to Spotify Developer dashboard: https://developer.spotify.com/dashboard
+To obtain the credentials:
+
+- Log in to [Spotify Developer dashboard](https://developer.spotify.com/dashboard)
 
 - Create a new app
 
-- For **Redirect URL**, use: http://127.0.0.1:1234
-   - The URL must match exactly as shown, including not having a / at the end
-   - When copying the link via right-click, some browsers may add an extra / to the URL
+- For **Redirect URL**, use: `http://127.0.0.1:1234`
+   - The URL must match exactly as shown, including not having a `/` at the end
+   - When copying the link via right-click, some browsers may add an extra `/` to the URL
 
 - Select **Web API** as the intended API
 
 - Copy the **Client ID** and **Client Secret**
 
 - Provide the `SP_APP_CLIENT_ID` and `SP_APP_CLIENT_SECRET` secrets using one of the following methods:
-   - Pass it at runtime with `-r` / `--oauth-app-creds`
-      - Use `SP_APP_CLIENT_ID`:`SP_APP_CLIENT_SECRET` format - note the colon separator
+   - Pass it at runtime with `-r` / `--oauth-app-creds` (use `SP_APP_CLIENT_ID:SP_APP_CLIENT_SECRET` format - note the colon separator)
    - Set it as an [environment variable](#storing-secrets) (e.g. `export SP_APP_CLIENT_ID=...; export SP_APP_CLIENT_SECRET=...`)
    - Add it to [.env file](#storing-secrets) (`SP_APP_CLIENT_ID=...` and `SP_APP_CLIENT_SECRET=...`) for persistent use
    - Fallback: hard-code it in the code or config file
 
-You can use the same client ID and secret values as those used for the [Spotify OAuth User](#spotify-oauth-user).
-
 Example:
 
 ```sh
 spotify_profile_monitor --token-source oauth_app -r "your_spotify_app_client_id:your_spotify_app_client_secret" <spotify_user_uri_id>
 ```
 
-The tool takes care of refreshing the access token so it should remain valid indefinitely.
+The tool automatically refreshes the OAuth app access token, so it remains valid indefinitely. Tokens are cached in the file specified by `SP_APP_TOKENS_FILE` configuration option (default: `.spotify-profile-monitor-oauth-app.json`).
 
 If you store the `SP_APP_CLIENT_ID` and `SP_APP_CLIENT_SECRET` in a dotenv file you can update their values and send a `SIGHUP` signal to reload the file with the new secret values without restarting the tool. More info in [Storing Secrets](#storing-secrets) and [Signal Controls (macOS/Linux/Unix)](#signal-controls-macoslinuxunix).
 
+You can also use this method as a standalone token source (without `cookie` or `client`) by setting `TOKEN_SOURCE` to `oauth_app`, but this has several limitations as described in the [Spotify access token source](#spotify-access-token-source) section.
+
 <a id="spotify-oauth-user"></a>
 #### Spotify OAuth User
 
@@ -529,6 +540,14 @@ If you use the default method to obtain a Spotify access token (`cookie`) and ha
 spotify_profile_monitor <spotify_user_uri_id> -u "your_sp_dc_cookie_value"
 ```
 
+**Note:** OAuth app credentials are now required for playlist and user information retrieval. If you haven't set `SP_APP_CLIENT_ID` and `SP_APP_CLIENT_SECRET` via environment variables or `.env` file, you can use the `-r` flag:
+
+```sh
+spotify_profile_monitor <spotify_user_uri_id> -u "your_sp_dc_cookie_value" -r "your_spotify_app_client_id:your_spotify_app_client_secret"
+```
+
+See [Spotify OAuth App](#spotify-oauth-app) for detailed setup instructions.
+
 By default, the tool looks for a configuration file named `spotify_profile_monitor.conf` in:
  - current directory
  - home directory (`~`)
@@ -661,12 +680,6 @@ If you want to display a list of recently played artists (this feature only work
 spotify_profile_monitor <spotify_user_uri_id> -a
 ```
 
-To get basic information about the Spotify access token owner (`-v` flag):
-
-```sh
-spotify_profile_monitor -v
-```
-
 If you want to search the Spotify catalog for users with a specific name to obtain their Spotify user URI ID (`-s` flag):
 
 ```sh
@@ -873,7 +886,7 @@ You should get a valid Spotify access token, example output:
    <img src="https://raw.githubusercontent.com/misiektoja/spotify_monitor/refs/heads/main/assets/spotify_monitor_totp_test.png" alt="spotify_monitor_totp_test" width="100%"/>
 </p>
 
-> **NOTE:** secrets used for TOTP generation (`SECRET_CIPHER_DICT`) expire every two days; you can either run the [spotify_monitor_secret_grabber](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_secret_grabber.py) and extract it by yourself (see [here](#secret-key-extraction-from-spotify-web-player-bundles) for more info) or you can pass `--fetch-secrets` flag in `spotify_monitor_totp_test` (available since v1.6). There is also a [xyloflake/spot-secrets-go/](https://github.com/xyloflake/spot-secrets-go/) repo which offers JSON files that are automatically updated with current secrets (you can pass `--download-secrets` flag in `spotify_monitor_totp_test` to get it automatically from remote URL, available since v1.8).
+> **NOTE:** secrets used for TOTP generation (`SECRET_CIPHER_DICT`) expire every few days; you can either run the [spotify_monitor_secret_grabber](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_secret_grabber.py) and extract it by yourself (see [here](#secret-key-extraction-from-spotify-web-player-bundles) for more info) or you can pass `--fetch-secrets` flag in `spotify_monitor_totp_test` (available since v1.6). There is also a [xyloflake/spot-secrets-go/](https://github.com/xyloflake/spot-secrets-go/) repo which offers JSON files that are automatically updated with current secrets (you can pass `--download-secrets` flag in `spotify_monitor_totp_test` to get it automatically from remote URL, available since v1.8).
 
 <a id="secret-key-extraction-from-spotify-web-player-bundles"></a>
 ### Secret Key Extraction from Spotify Web Player Bundles

{spotify_profile_monitor-3.0 → spotify_profile_monitor-3.1}/spotify_profile_monitor.py

@@ -1,7 +1,7 @@
 #!/usr/bin/env python3
 """
 Author: Michal Szymanski <misiektoja-github@rm-rf.ninja>
-v3.0
+v3.1
 
 OSINT tool implementing real-time tracking of Spotify users activities and profile changes including playlists:
 https://github.com/misiektoja/spotify_profile_monitor/
@@ -15,11 +15,11 @@ pyotp (optional, needed when the token source is set to cookie)
 pytz
 tzlocal (optional)
 python-dotenv (optional)
-spotipy (optional, needed when the token source is set to oauth_app)
+spotipy
 wcwidth (optional, needed by TRUNCATE_CHARS feature)
 """
 
-VERSION = "3.0"
+VERSION = "3.1"
 
 # ---------------------------
 # CONFIGURATION SECTION START
@@ -50,6 +50,32 @@ SP_DC_COOKIE = "your_sp_dc_cookie_value"
 
 # ---------------------------------------------------------------------
 
+# The section below is used when the token source is set to 'oauth_app' (Client Credentials OAuth Flow)
+# It is also used to get playlists and users info in 'cookie' and 'client' modes
+#
+# To obtain the credentials:
+#   - Log in to Spotify Developer dashboard: https://developer.spotify.com/dashboard
+#   - Create a new app
+#   - For 'Redirect URL', use: http://127.0.0.1:1234
+#   - Select 'Web API' as the intended API
+#   - Copy the 'Client ID' and 'Client Secret'
+#
+# Provide the SP_APP_CLIENT_ID and SP_APP_CLIENT_SECRET secrets using one of the following methods:
+#   - Pass it at runtime with -r / --oauth-app-creds (use SP_APP_CLIENT_ID:SP_APP_CLIENT_SECRET format - note the colon separator)
+#   - Set it as an environment variable (e.g. export SP_APP_CLIENT_ID=...; export SP_APP_CLIENT_SECRET=...)
+#   - Add it to ".env" file (SP_APP_CLIENT_ID=... and SP_APP_CLIENT_SECRET=...) for persistent use
+#   - Fallback: hard-code it in the code or config file
+#
+# The tool automatically refreshes the access token, so it remains valid indefinitely
+SP_APP_CLIENT_ID = "your_spotify_app_client_id"
+SP_APP_CLIENT_SECRET = "your_spotify_app_client_secret"
+
+# Path to cache file used to store OAuth app access tokens across tool restarts
+# Set to empty to use in-memory cache only
+SP_APP_TOKENS_FILE = ".spotify-profile-monitor-oauth-app.json"
+
+# ---------------------------------------------------------------------
+
 # SMTP settings for sending email notifications
 # If left as-is, no notifications will be sent
 #
@@ -299,8 +325,7 @@ TOKEN_RETRY_TIMEOUT = 0.5  # 0.5 second
 # Newest secrets are downloaded automatically from SECRET_CIPHER_DICT_URL (see below)
 # Can also be fetched via spotify_monitor_secret_grabber.py utility - see debug dir
 SECRET_CIPHER_DICT = {
-    "6": [21, 24, 85, 46, 48, 35, 33, 8, 11, 63, 76, 12, 55, 77, 14, 7, 54],
-    "5": [12, 56, 76, 33, 88, 44, 88, 33, 78, 78, 11, 66, 22, 22, 55, 69, 54],
+#    "61": [44, 55, 47, 42, 70, 40, 34, 114, 76, 74, 50, 111, 120, 97, 75, 76, 94, 102, 43, 69, 49, 120, 118, 80, 64, 78],
 }
 
 # Remote or local URL used to fetch updated secrets needed for TOTP generation
@@ -317,32 +342,6 @@ TOTP_VER = 0
 
 # ---------------------------------------------------------------------
 
-# The section below is used when the token source is set to 'oauth_app'
-# (Client Credentials OAuth Flow)
-#
-# To obtain the credentials:
-#   - Log in to Spotify Developer dashboard: https://developer.spotify.com/dashboard
-#   - Create a new app
-#   - For 'Redirect URL', use: http://127.0.0.1:1234
-#   - Select 'Web API' as the intended API
-#   - Copy the 'Client ID' and 'Client Secret'
-#
-# Provide the SP_APP_CLIENT_ID and SP_APP_CLIENT_SECRET secrets using one of the following methods:
-#   - Pass it at runtime with -r / --oauth-app-creds (use SP_APP_CLIENT_ID:SP_APP_CLIENT_SECRET format - note the colon separator)
-#   - Set it as an environment variable (e.g. export SP_APP_CLIENT_ID=...; export SP_APP_CLIENT_SECRET=...)
-#   - Add it to ".env" file (SP_APP_CLIENT_ID=... and SP_APP_CLIENT_SECRET=...) for persistent use
-#   - Fallback: hard-code it in the code or config file
-#
-# The tool automatically refreshes the access token, so it remains valid indefinitely
-SP_APP_CLIENT_ID = "your_spotify_app_client_id"
-SP_APP_CLIENT_SECRET = "your_spotify_app_client_secret"
-
-# Path to cache file used to store OAuth app access tokens across tool restarts
-# Set to empty to use in-memory cache only
-SP_APP_TOKENS_FILE = ".spotify-profile-monitor-oauth-app.json"
-
-# ---------------------------------------------------------------------
-
 # The section below is used when the token source is set to 'oauth_user'
 # (Authorization Code OAuth Flow)
 #
@@ -617,12 +616,15 @@ FUNCTION_TIMEOUT = 15
 ALARM_TIMEOUT = 15
 ALARM_RETRY = 10
 
-# Variables for caching functionality of the Spotify access and refresh token to avoid unnecessary refreshing
+# Variables for caching functionality of the Spotify 'cookie' access token / 'client' refresh token to avoid unnecessary refreshing
 SP_CACHED_ACCESS_TOKEN = None
 SP_CACHED_REFRESH_TOKEN = None
 SP_ACCESS_TOKEN_EXPIRES_AT = 0
 SP_CACHED_CLIENT_ID = ""
 
+# Separate cache for OAuth app access token (Client Credentials Flow) used in hybrid mode
+SP_CACHED_OAUTH_APP_TOKEN = None
+
 # URL of the Spotify Web Player endpoint to get access token
 TOKEN_URL = "https://open.spotify.com/api/token"
 
@@ -1488,11 +1490,17 @@ def spotify_extract_id_or_name(s):
 
 
 # Sends a lightweight request to check Spotify token validity
-def check_token_validity(access_token: str, client_id: Optional[str] = None, user_agent: Optional[str] = None) -> bool:
-    url1 = "https://api.spotify.com/v1/me"
-    url2 = "https://api.spotify.com/v1/browse/categories?limit=1&fields=categories.items(id)"
-
-    url = url2 if TOKEN_SOURCE == "oauth_app" else url1
+def check_token_validity(access_token: str, client_id: Optional[str] = None, user_agent: Optional[str] = None, oauth_app: bool = False) -> bool:
+    url_cookie_client = "https://guc-spclient.spotify.com/presence-view/v1/buddylist"
+    url_oauth_app = "https://api.spotify.com/v1/browse/categories?limit=1&fields=categories.items(id)"
+    url_oauth_user = "https://api.spotify.com/v1/me"
+
+    if oauth_app or TOKEN_SOURCE == "oauth_app":
+        url = url_oauth_app
+    elif TOKEN_SOURCE in {"cookie", "client"}:
+        url = url_cookie_client
+    else:
+        url = url_oauth_user
 
     headers = {"Authorization": f"Bearer {access_token}"}
 
@@ -1501,7 +1509,7 @@ def check_token_validity(access_token: str, client_id: Optional[str] = None, use
             "User-Agent": user_agent
         })
 
-    if TOKEN_SOURCE == "cookie" and client_id is not None:
+    if not oauth_app and TOKEN_SOURCE == "cookie" and client_id is not None:
         headers.update({
             "Client-Id": client_id
         })
@@ -1723,15 +1731,17 @@ def refresh_access_token_from_sp_dc(sp_dc: str) -> dict:
     client_time = int(time_ns() / 1000 / 1000)
     otp_value = totp_obj.at(server_time)
 
+    totp_ver = TOTP_VER or max(map(int, SECRET_CIPHER_DICT))
+
     params = {
         "reason": "transport",
         "productType": "web-player",
         "totp": otp_value,
         "totpServer": otp_value,
-        "totpVer": TOTP_VER,
+        "totpVer": totp_ver,
     }
 
-    if TOTP_VER < 10:
+    if totp_ver < 10:
         params.update({
             "sTime": server_time,
             "cTime": client_time,
@@ -1866,7 +1876,10 @@ def spotify_get_access_token_from_sp_dc(sp_dc: str):
 
 # Fetches Spotify access token based on provided sp_client_id & sp_client_secret values (Client Credentials OAuth Flow)
 def spotify_get_access_token_from_oauth_app(sp_client_id, sp_client_secret):
-    global SP_CACHED_ACCESS_TOKEN
+    global SP_CACHED_OAUTH_APP_TOKEN
+
+    if not sp_client_id or not sp_client_secret:
+        return None
 
     try:
         from spotipy.oauth2 import SpotifyClientCredentials
@@ -1875,8 +1888,8 @@ def spotify_get_access_token_from_oauth_app(sp_client_id, sp_client_secret):
         print("* Warning: the 'spotipy' package is required for 'oauth_app' token source, install it with `pip install spotipy`")
         return None
 
-    if SP_CACHED_ACCESS_TOKEN and check_token_validity(SP_CACHED_ACCESS_TOKEN):
-        return SP_CACHED_ACCESS_TOKEN
+    if SP_CACHED_OAUTH_APP_TOKEN and check_token_validity(SP_CACHED_OAUTH_APP_TOKEN, oauth_app=True):
+        return SP_CACHED_OAUTH_APP_TOKEN
 
     if SP_APP_TOKENS_FILE:
         cache_handler = CacheFileHandler(cache_path=SP_APP_TOKENS_FILE)
@@ -1888,9 +1901,9 @@ def spotify_get_access_token_from_oauth_app(sp_client_id, sp_client_secret):
 
     auth_manager = SpotifyClientCredentials(client_id=sp_client_id, client_secret=sp_client_secret, cache_handler=cache_handler, requests_session=session)  # type: ignore[arg-type]
 
-    SP_CACHED_ACCESS_TOKEN = auth_manager.get_access_token(as_dict=False)
+    SP_CACHED_OAUTH_APP_TOKEN = auth_manager.get_access_token(as_dict=False)
 
-    return SP_CACHED_ACCESS_TOKEN
+    return SP_CACHED_OAUTH_APP_TOKEN
 
 
 # -----------------------------------------------------------
@@ -2589,56 +2602,14 @@ def spotify_convert_url_to_uri(url):
     return uri
 
 
-# Gets basic information about access token owner
-def spotify_get_current_user_or_app(access_token) -> dict | None:
-
-    if TOKEN_SOURCE == "oauth_app":
-        app_info = {
-            "type": "app_token",
-            "client_id": SP_APP_CLIENT_ID
-        }
-        return app_info
-
-    url = "https://api.spotify.com/v1/me"
-
-    headers = {
-        "Authorization": f"Bearer {access_token}",
-        "User-Agent": USER_AGENT
-    }
-
-    if TOKEN_SOURCE == "cookie":
-        headers.update({
-            "Client-Id": SP_CACHED_CLIENT_ID
-        })
-
-    if platform.system() != 'Windows':
-        signal.signal(signal.SIGALRM, timeout_handler)
-        signal.alarm(FUNCTION_TIMEOUT + 2)
-    try:
-        response = SESSION.get(url, headers=headers, timeout=FUNCTION_TIMEOUT, verify=VERIFY_SSL)
-        response.raise_for_status()
-        data = response.json()
-
-        user_info = {
-            "display_name": data.get("display_name"),
-            "uri": data.get("uri"),
-            "is_premium": data.get("product") == "premium",
-            "country": data.get("country"),
-            "email": data.get("email"),
-            "spotify_url": data.get("external_urls", {}).get("spotify") + "?si=1" if data.get("external_urls", {}).get("spotify") else None
-        }
-
-        return user_info
-    except Exception as e:
-        print(f"* Error: {e}")
-        return None
-    finally:
-        if platform.system() != 'Windows':
-            signal.alarm(0)
-
-
 # Checks if a playlist has been completely removed and/or set as private
-def is_playlist_private(access_token, playlist_uri):
+def is_playlist_private(access_token, playlist_uri, oauth_app: bool = False):
+    if TOKEN_SOURCE in {"cookie", "client"} and not oauth_app:
+        access_token = spotify_get_access_token_from_oauth_app(SP_APP_CLIENT_ID, SP_APP_CLIENT_SECRET)
+        oauth_app = True
+        if not access_token:
+            return False
+
     playlist_id = playlist_uri.split(':', 2)[2]
     url = f"https://api.spotify.com/v1/playlists/{playlist_id}?fields=id"
 
@@ -2647,7 +2618,7 @@ def is_playlist_private(access_token, playlist_uri):
         "User-Agent": USER_AGENT
     }
 
-    if TOKEN_SOURCE == "cookie":
+    if TOKEN_SOURCE == "cookie" and not oauth_app:
         headers.update({
             "Client-Id": SP_CACHED_CLIENT_ID
         })
@@ -2662,7 +2633,13 @@ def is_playlist_private(access_token, playlist_uri):
 
 
 # Checks if a Spotify user URI ID has been deleted
-def is_user_removed(access_token, user_uri_id):
+def is_user_removed(access_token, user_uri_id, oauth_app: bool = False):
+    if TOKEN_SOURCE in {"cookie", "client"} and not oauth_app:
+        access_token = spotify_get_access_token_from_oauth_app(SP_APP_CLIENT_ID, SP_APP_CLIENT_SECRET)
+        oauth_app = True
+        if not access_token:
+            return False
+
     url = f"https://api.spotify.com/v1/users/{user_uri_id}"
 
     headers = {
@@ -2670,23 +2647,46 @@ def is_user_removed(access_token, user_uri_id):
         "User-Agent": USER_AGENT
     }
 
-    if TOKEN_SOURCE == "cookie":
+    if TOKEN_SOURCE == "cookie" and not oauth_app:
         headers.update({
             "Client-Id": SP_CACHED_CLIENT_ID
         })
 
+    if platform.system() != 'Windows':
+        signal.signal(signal.SIGALRM, timeout_handler)
+        signal.alarm(FUNCTION_TIMEOUT + 2)
+
     try:
-        response = SESSION.get(url, headers=headers, timeout=FUNCTION_TIMEOUT, verify=VERIFY_SSL)
+        temp_session = req.Session()
+        temp_session.headers.update(headers)
+
+        response = temp_session.get(url, timeout=FUNCTION_TIMEOUT, verify=VERIFY_SSL)
+
+        if response.status_code == 429:
+            return False
+
         if response.status_code == 404:
             return True
         return False
+    except TimeoutException:
+        return False
+    except req.HTTPError as e:
+        if e.response is not None and e.response.status_code == 429:
+            return False
+        elif e.response is not None and e.response.status_code == 404:
+            return True
+        return False
     except Exception:
         return False
+    finally:
+        if platform.system() != 'Windows':
+            signal.alarm(0)
 
 
 # Returns True if the access token owner's user ID matches the provided user_uri_id, False otherwise
 def is_token_owner(access_token, user_uri_id) -> bool:
-    if TOKEN_SOURCE == "oauth_app":
+    # /v1/me is only reliable/usable for oauth_user now
+    if TOKEN_SOURCE != "oauth_user":
         return False
 
     url = "https://api.spotify.com/v1/me"
@@ -2696,11 +2696,6 @@ def is_token_owner(access_token, user_uri_id) -> bool:
         "User-Agent": USER_AGENT
     }
 
-    if TOKEN_SOURCE == "cookie":
-        headers.update({
-            "Client-Id": SP_CACHED_CLIENT_ID
-        })
-
     try:
         response = SESSION.get(url, headers=headers, timeout=FUNCTION_TIMEOUT, verify=VERIFY_SSL)
         response.raise_for_status()
@@ -2710,7 +2705,13 @@ def is_token_owner(access_token, user_uri_id) -> bool:
 
 
 # Returns detailed info about playlist with specified URI (with possibility to get its tracks as well)
-def spotify_get_playlist_info(access_token, playlist_uri, get_tracks):
+def spotify_get_playlist_info(access_token, playlist_uri, get_tracks, oauth_app: bool = False):
+    if TOKEN_SOURCE in {"cookie", "client"} and not oauth_app:
+        access_token = spotify_get_access_token_from_oauth_app(SP_APP_CLIENT_ID, SP_APP_CLIENT_SECRET)
+        oauth_app = True
+        if not access_token:
+            raise Exception("spotify_get_playlist_info(): oauth_app token is missing - set SP_APP_CLIENT_ID/SP_APP_CLIENT_SECRET (or pass -r / --oauth-app-creds)")
+
     parts = playlist_uri.split(':')
     if len(parts) == 3:
         playlist_id = parts[2]
@@ -2730,7 +2731,7 @@ def spotify_get_playlist_info(access_token, playlist_uri, get_tracks):
         "User-Agent": USER_AGENT
     }
 
-    if TOKEN_SOURCE == "cookie":
+    if TOKEN_SOURCE == "cookie" and not oauth_app:
         headers.update({
             "Client-Id": SP_CACHED_CLIENT_ID
         })
@@ -3094,16 +3095,6 @@ def spotify_list_tracks_for_playlist(sp_accessToken, playlist_url, csv_file_name
         list_operation = "* Listing & saving" if csv_file_name else "* Listing"
         print(f"{list_operation} tracks for playlist '{playlist_url}' ...\n")
 
-    user_info = spotify_get_current_user_or_app(sp_accessToken)
-    if user_info and not CLEAN_OUTPUT:
-        if TOKEN_SOURCE == "oauth_app":
-            print(f"Token belongs to:\t{user_info.get('client_id', '')} (via {TOKEN_SOURCE})\n")
-        else:
-            print(f"Token belongs to:\t{user_info.get('display_name', '')} (via {TOKEN_SOURCE})\n\t\t\t[ {user_info.get('spotify_url')} ]\n")
-
-    if not CLEAN_OUTPUT:
-        print("─" * HORIZONTAL_LINE)
-
     user_id_name_mapping = {}
     user_track_counts = Counter()
     unknown_added_by_tracks = 0
@@ -3322,18 +3313,6 @@ def spotify_list_liked_tracks(sp_accessToken, csv_file_name, format_type=2):
         list_operation = "* Listing & saving" if csv_file_name else "* Listing"
         print(f"{list_operation} liked tracks for the user owning the token ...\n")
 
-    user_info = spotify_get_current_user_or_app(sp_accessToken)
-    if user_info:
-        username = user_info.get("display_name", "")
-        if not CLEAN_OUTPUT:
-            if TOKEN_SOURCE == "oauth_app":
-                print(f"Token belongs to:\t{user_info.get('client_id', '')} (via {TOKEN_SOURCE})\n")
-            else:
-                print(f"Token belongs to:\t{username} (via {TOKEN_SOURCE})\n\t\t\t[ {user_info.get('spotify_url')} ]\n")
-
-    if not CLEAN_OUTPUT:
-        print("─" * HORIZONTAL_LINE)
-
     sp_playlist_data = spotify_get_user_liked_tracks(sp_accessToken)
 
     p_tracks = sp_playlist_data.get("sp_playlist_tracks_count", 0)
@@ -3433,15 +3412,6 @@ def spotify_search_users(access_token, username):
 
     print(f"* Searching for users with '{username}' string ...\n")
 
-    user_info = spotify_get_current_user_or_app(access_token)
-    if user_info:
-        if TOKEN_SOURCE == "oauth_app":
-            print(f"Token belongs to:\t{user_info.get('client_id', '')} (via {TOKEN_SOURCE})\n")
-        else:
-            print(f"Token belongs to:\t{user_info.get('display_name', '')} (via {TOKEN_SOURCE})\n\t\t\t[ {user_info.get('spotify_url')} ]\n")
-
-    print("─" * HORIZONTAL_LINE)
-
     try:
         response = SESSION.get(url, headers=headers, timeout=FUNCTION_TIMEOUT, verify=VERIFY_SSL)
         response.raise_for_status()
@@ -3843,13 +3813,6 @@ def spotify_get_user_details(sp_accessToken, user_uri_id):
 
     print(f"* Getting detailed info for user with URI ID '{user_uri_id}' ...\n")
 
-    user_info = spotify_get_current_user_or_app(sp_accessToken)
-    if user_info:
-        if TOKEN_SOURCE == "oauth_app":
-            print(f"Token belongs to:\t{user_info.get('client_id', '')} (via {TOKEN_SOURCE})\n")
-        else:
-            print(f"Token belongs to:\t{user_info.get('display_name', '')} (via {TOKEN_SOURCE})\n\t\t\t[ {user_info.get('spotify_url')} ]\n")
-
     sp_user_data = spotify_get_user_info(sp_accessToken, user_uri_id, DETECT_CHANGES_IN_PLAYLISTS, RECENTLY_PLAYED_ARTISTS_LIMIT_INFO)
     sp_user_followers_data = spotify_get_user_followers(sp_accessToken, user_uri_id)
     sp_user_followings_data = spotify_get_user_followings(sp_accessToken, user_uri_id)
@@ -3928,13 +3891,6 @@ def spotify_get_user_details(sp_accessToken, user_uri_id):
 def spotify_get_recently_played_artists(sp_accessToken, user_uri_id):
     print(f"* Getting list of recently played artists for user with URI ID '{user_uri_id}' ...\n")
 
-    user_info = spotify_get_current_user_or_app(sp_accessToken)
-    if user_info:
-        if TOKEN_SOURCE == "oauth_app":
-            print(f"Token belongs to:\t{user_info.get('client_id', '')} (via {TOKEN_SOURCE})\n")
-        else:
-            print(f"Token belongs to:\t{user_info.get('display_name', '')} (via {TOKEN_SOURCE})\n\t\t\t[ {user_info.get('spotify_url')} ]\n")
-
     sp_user_data = spotify_get_user_info(sp_accessToken, user_uri_id, False, RECENTLY_PLAYED_ARTISTS_LIMIT)
 
     username = sp_user_data["sp_username"]
@@ -3961,13 +3917,6 @@ def spotify_get_recently_played_artists(sp_accessToken, user_uri_id):
 def spotify_get_followers_and_followings(sp_accessToken, user_uri_id):
     print(f"* Getting followers & followings for user with URI ID '{user_uri_id}' ...\n")
 
-    user_info = spotify_get_current_user_or_app(sp_accessToken)
-    if user_info:
-        if TOKEN_SOURCE == "oauth_app":
-            print(f"Token belongs to:\t{user_info.get('client_id', '')} (via {TOKEN_SOURCE})\n")
-        else:
-            print(f"Token belongs to:\t{user_info.get('display_name', '')} (via {TOKEN_SOURCE})\n\t\t\t[ {user_info.get('spotify_url')} ]\n")
-
     sp_user_data = spotify_get_user_info(sp_accessToken, user_uri_id, False, 0)
     image_url = sp_user_data["sp_user_image_url"]
     sp_user_followers_data = spotify_get_user_followers(sp_accessToken, user_uri_id)
@@ -4556,7 +4505,7 @@ def resolve_executable(path):
 
 # Monitors profile changes of the specified Spotify user URI ID
 def spotify_profile_monitor_uri(user_uri_id, csv_file_name, playlists_to_skip):
-    global SP_CACHED_ACCESS_TOKEN
+    global SP_CACHED_ACCESS_TOKEN, SP_CACHED_OAUTH_APP_TOKEN
     playlists_count = 0
     playlists_old_count = 0
     playlists = None
@@ -4589,7 +4538,6 @@ def spotify_profile_monitor_uri(user_uri_id, csv_file_name, playlists_to_skip):
         else:
             sp_accessToken = spotify_get_access_token_from_sp_dc(SP_DC_COOKIE)
         sp_user_data = spotify_get_user_info(sp_accessToken, user_uri_id, DETECT_CHANGES_IN_PLAYLISTS, 0)
-        user_info = spotify_get_current_user_or_app(sp_accessToken)
         sp_user_followers_data = spotify_get_user_followers(sp_accessToken, user_uri_id)
         sp_user_followings_data = spotify_get_user_followings(sp_accessToken, user_uri_id)
     except Exception as e:
@@ -4597,6 +4545,7 @@ def spotify_profile_monitor_uri(user_uri_id, csv_file_name, playlists_to_skip):
 
         if TOKEN_SOURCE == 'cookie' and '401' in err:
             SP_CACHED_ACCESS_TOKEN = None
+            SP_CACHED_OAUTH_APP_TOKEN = None
 
         client_errs = ['access token', 'invalid client token', 'expired client token', 'refresh token has been revoked', 'refresh token has expired', 'refresh token is invalid', 'invalid grant during refresh']
         cookie_errs = ['access token', 'unauthorized', 'unsuccessful token request']
@@ -4621,13 +4570,6 @@ def spotify_profile_monitor_uri(user_uri_id, csv_file_name, playlists_to_skip):
 
         sys.exit(1)
 
-    if user_info:
-        if TOKEN_SOURCE == "oauth_app":
-            print(f"Token belongs to:\t\t{user_info.get('client_id', '')} (via {TOKEN_SOURCE})")
-        else:
-            print(f"Token belongs to:\t\t{user_info.get('display_name', '')} (via {TOKEN_SOURCE})\n\t\t\t\t[ {user_info.get('spotify_url')} ]")
-        print("─" * HORIZONTAL_LINE)
-
     username = sp_user_data["sp_username"]
     image_url = sp_user_data["sp_user_image_url"]
 
@@ -5896,7 +5838,7 @@ def main():
         "-x", "--list-liked-tracks",
         dest="list_liked_tracks",
         action="store_true",
-        help="List all liked tracks for the user owning the Spotify access token"
+        help="List all liked tracks for the user owning the Spotify access token (works only with oauth_user)"
     )
     listing.add_argument(
         "-i", "--show-user-profile",
@@ -5916,12 +5858,6 @@ def main():
         action="store_true",
         help="List followers & followings for a user"
     )
-    listing.add_argument(
-        "-v", "--show-user-info",
-        dest="show_user_info",
-        action="store_true",
-        help="Get basic information about the Spotify access token owner"
-    )
     listing.add_argument(
         "-s", "--search-username",
         dest="search_username",
@@ -6102,7 +6038,8 @@ def main():
         except ModuleNotFoundError:
             raise SystemExit("Error: Couldn't find the pyotp library !\n\nTo install it, run:\n    pip install pyotp\n\nOnce installed, re-run this tool")
 
-    if TOKEN_SOURCE == "oauth_app":
+    # spotipy is required for oauth_app tokens (also used as a secondary token in cookie/client hybrid mode)
+    if TOKEN_SOURCE in {"oauth_app", "cookie", "client"}:
         try:
             from spotipy.oauth2 import SpotifyClientCredentials
         except ModuleNotFoundError:
@@ -6150,6 +6087,14 @@ def main():
     if args.error_interval:
         SPOTIFY_ERROR_INTERVAL = args.error_interval
 
+    # Allow providing oauth_app creds via CLI for both oauth_app token source and cookie/client hybrid mode
+    if args.oauth_app_creds:
+        try:
+            SP_APP_CLIENT_ID, SP_APP_CLIENT_SECRET = args.oauth_app_creds.split(":")
+        except ValueError:
+            print("* Error: -r / --oauth-app-creds has invalid format - use SP_APP_CLIENT_ID:SP_APP_CLIENT_SECRET")
+            sys.exit(1)
+
     if TOKEN_SOURCE == "client":
         login_request_body_file_param = False
         if args.login_request_body_file:
@@ -6167,7 +6112,7 @@ def main():
                     print(f"* Error: Protobuf file ({LOGIN_REQUEST_BODY_FILE}) cannot be processed: {e}")
                     sys.exit(1)
                 else:
-                    if not args.user_id and not args.list_tracks_for_playlist and not args.search_username and not args.user_profile_details and not args.recently_played_artists and not args.followers_and_followings and not args.show_user_info and not args.list_liked_tracks and login_request_body_file_param:
+                    if not args.user_id and not args.list_tracks_for_playlist and not args.search_username and not args.user_profile_details and not args.recently_played_artists and not args.followers_and_followings and not args.list_liked_tracks and login_request_body_file_param:
                         print(f"* Login data correctly read from Protobuf file ({LOGIN_REQUEST_BODY_FILE}):")
                         print(" - Device ID:\t\t", DEVICE_ID)
                         print(" - System ID:\t\t", SYSTEM_ID)
@@ -6219,7 +6164,7 @@ def main():
                     print(f"* Error: Protobuf file ({CLIENTTOKEN_REQUEST_BODY_FILE}) cannot be processed: {e}")
                     sys.exit(1)
                 else:
-                    if not args.user_id and not args.list_tracks_for_playlist and not args.search_username and not args.user_profile_details and not args.recently_played_artists and not args.followers_and_followings and not args.show_user_info and not args.list_liked_tracks and clienttoken_request_body_file_param:
+                    if not args.user_id and not args.list_tracks_for_playlist and not args.search_username and not args.user_profile_details and not args.recently_played_artists and not args.followers_and_followings and not args.list_liked_tracks and clienttoken_request_body_file_param:
                         print(f"* Client token data correctly read from Protobuf file ({CLIENTTOKEN_REQUEST_BODY_FILE}):")
                         print(" - App version:\t\t", APP_VERSION)
                         print(" - CPU arch:\t\t", CPU_ARCH)
@@ -6244,13 +6189,6 @@ def main():
             APP_VERSION = app_version_default
 
     elif TOKEN_SOURCE == "oauth_app":
-        if args.oauth_app_creds:
-            try:
-                SP_APP_CLIENT_ID, SP_APP_CLIENT_SECRET = args.oauth_app_creds.split(":")
-            except ValueError:
-                print("* Error: -r / --oauth-app-creds has invalid format - use SP_APP_CLIENT_ID:SP_APP_CLIENT_SECRET")
-                sys.exit(1)
-
         if any([
             not SP_APP_CLIENT_ID,
             SP_APP_CLIENT_ID == "your_spotify_app_client_id",
@@ -6283,6 +6221,17 @@ def main():
             print("* Error: SP_DC_COOKIE (-u / --spotify_dc_cookie) value is empty or incorrect")
             sys.exit(1)
 
+    # Hybrid mode requirement: cookie/client now needs oauth_app creds for /v1/users and /v1/playlists calls
+    if TOKEN_SOURCE in {"cookie", "client"}:
+        if any([
+            not SP_APP_CLIENT_ID,
+            SP_APP_CLIENT_ID == "your_spotify_app_client_id",
+            not SP_APP_CLIENT_SECRET,
+            SP_APP_CLIENT_SECRET == "your_spotify_app_client_secret",
+        ]):
+            print("* Error: SP_APP_CLIENT_ID or SP_APP_CLIENT_SECRET (-r / --oauth-app-creds) value is empty or incorrect (required for cookie/client hybrid mode since 22 Dec 2025)")
+            sys.exit(1)
+
     if IMGCAT_PATH:
         try:
             imgcat_exe = resolve_executable(IMGCAT_PATH)
@@ -6295,40 +6244,6 @@ def main():
     if SP_USER_TOKENS_FILE:
         SP_USER_TOKENS_FILE = os.path.expanduser(SP_USER_TOKENS_FILE)
 
-    if args.show_user_info:
-        print("* Getting basic information about access token owner ...\n")
-        try:
-            if TOKEN_SOURCE == "client":
-                sp_accessToken = spotify_get_access_token_from_client_auto(DEVICE_ID, SYSTEM_ID, USER_URI_ID, REFRESH_TOKEN)
-            elif TOKEN_SOURCE == "oauth_app":
-                sp_accessToken = spotify_get_access_token_from_oauth_app(SP_APP_CLIENT_ID, SP_APP_CLIENT_SECRET)
-            elif TOKEN_SOURCE == "oauth_user":
-                sp_accessToken = spotify_get_access_token_from_oauth_user(SP_USER_CLIENT_ID, SP_USER_CLIENT_SECRET, SP_USER_REDIRECT_URI, SP_USER_SCOPE, init=True)
-            else:
-                sp_accessToken = spotify_get_access_token_from_sp_dc(SP_DC_COOKIE)
-            user_info = spotify_get_current_user_or_app(sp_accessToken)
-
-            if user_info:
-                print(f"Token fetched via '{TOKEN_SOURCE}' belongs to:\n")
-
-                if TOKEN_SOURCE == "oauth_app":
-                    print(f"App client ID:\t\t{user_info.get('client_id', '')}")
-                else:
-                    print(f"Username:\t\t{user_info.get('display_name', '')}")
-                    print(f"User URI ID:\t\t{user_info.get('uri', '').split('spotify:user:', 1)[1]}")
-                    print(f"User URL:\t\t{user_info.get('spotify_url', '')}")
-                    print(f"User e-mail:\t\t{user_info.get('email', '')}")
-                    print(f"User country:\t\t{user_info.get('country', '')}")
-                    print(f"Is Premium?:\t\t{user_info.get('is_premium', '')}")
-            else:
-                print("Failed to retrieve user info.")
-
-            print("─" * HORIZONTAL_LINE)
-        except Exception as e:
-            print(f"* Error: {e}")
-            sys.exit(1)
-        sys.exit(0)
-
     if args.csv_file:
         CSV_FILE = os.path.expanduser(args.csv_file)
     else:
@@ -6363,8 +6278,8 @@ def main():
         sys.exit(0)
 
     if args.list_liked_tracks:
-        if TOKEN_SOURCE not in {"client", "oauth_user"}:
-            print(f"* Error: List of liked tracks is not supported with the '{TOKEN_SOURCE}' method ! Use the 'client' or 'oauth_user' token source instead !")
+        if TOKEN_SOURCE not in {"oauth_user"}:
+            print(f"* Error: List of liked tracks is not supported with the '{TOKEN_SOURCE}' method ! Use the 'oauth_user' token source instead !")
             sys.exit(2)
         try:
             if TOKEN_SOURCE == "client":
@@ -6565,7 +6480,7 @@ def main():
 
     print(f"* Spotify polling intervals:\t[check: {display_time(SPOTIFY_CHECK_INTERVAL)}] [error: {display_time(SPOTIFY_ERROR_INTERVAL)}]")
     print(f"* Email notifications:\t\t[profile changes = {PROFILE_NOTIFICATION}] [followers/followings = {FOLLOWERS_FOLLOWINGS_NOTIFICATION}]\n*\t\t\t\t[errors = {ERROR_NOTIFICATION}]")
-    print(f"* Token source:\t\t\t{TOKEN_SOURCE}")
+    print(f"* Token source:\t\t\t{TOKEN_SOURCE}" + (" + oauth_app" if TOKEN_SOURCE in {"cookie", "client"} else ""))
     print(f"* Profile pic changes:\t\t{DETECT_CHANGED_PROFILE_PIC}")
     print(f"* Playlist changes:\t\t{DETECT_CHANGES_IN_PLAYLISTS}")
     print(f"* All public playlists:\t\t{GET_ALL_PLAYLISTS}")
@@ -6578,8 +6493,12 @@ def main():
     print(f"* Output logging enabled:\t{not DISABLE_LOGGING}" + (f" ({FINAL_LOG_PATH})" if not DISABLE_LOGGING else ""))
     if not DISABLE_LOGGING and TRUNCATE_CHARS > 0:
         print(f"* Truncate terminal lines:\t{TRUNCATE_CHARS} chars")
-    if TOKEN_SOURCE in ('oauth_user', 'oauth_app'):
-        print(f"* Spotify token cache file:\t{({'oauth_app': SP_APP_TOKENS_FILE, 'oauth_user': SP_USER_TOKENS_FILE}.get(TOKEN_SOURCE) or 'None (memory only)')}")
+    if TOKEN_SOURCE == 'oauth_user':
+        print(f"* Spotify token cache file:\t{SP_USER_TOKENS_FILE if SP_USER_TOKENS_FILE else 'None (memory only)'}")
+    elif TOKEN_SOURCE == 'oauth_app':
+        print(f"* Spotify token cache file:\t{SP_APP_TOKENS_FILE if SP_APP_TOKENS_FILE else 'None (memory only)'}")
+    elif TOKEN_SOURCE in {'cookie', 'client'}:
+        print(f"* Spotify OAuth cache file:\t{SP_APP_TOKENS_FILE if SP_APP_TOKENS_FILE else 'None (memory only)'}")
     print(f"* Configuration file:\t\t{cfg_path}")
     print(f"* Dotenv file:\t\t\t{env_path or 'None'}")
     print(f"* Local timezone:\t\t{LOCAL_TIMEZONE}\n")