[PLEX/BUG]: External (invited users) no longer usable

[arabcoders]

Unfortunately due to changes from plex.tv end in response to CVEs, it's no longer possible to generate auth tokens scoped to the server for invited users, as such we have to make some changes prevent external users from being added.

Refs:
https://forums.plex.tv/t/information-related-to-security-vulnerabilities/935164/24
pushingkarmaorg/python-plexapi#1598

[Batorian]

Hey, I saw your comment on this issue and was wondering whether that is also responsible for a similar issue I am having with JellyPlex-Watched. I am an invited user into a Plex Home library and this issue has only been occurring recently.

[arabcoders]

Hey, I saw your comment on this issue and was wondering whether that is also responsible for a similar issue I am having with JellyPlex-Watched. I am an invited user into a Plex Home library and this issue has only been occurring recently.

Yes, you can no longer generate access token for shared users from the admin account. you can still manually do it if you log in the user and extract the token your self.

[Batorian]

Yes, you can no longer generate access token for shared users from the admin account. you can still manually do it if you log in the user and extract the token your self.

Ah ok, cause when I use my own token (non-admin token), then I no longer get the Plex: failed to get token for... error but an unauthorized error instead:

ERROR | src.main:main:320 - (401) unauthorized; https://plex.tv/api/v2/user 
<?xml version="1.0" encoding="UTF-8"?> <errors> <error code="1001" message="User could not be authenticated" status="401"/> </errors>

I wasn't able to find any solution for this so I was always forced to use the admin token.

[arabcoders]

@Batorian i honestly have no idea how the code works there, you could probably disable the auth flow and simply hardcode your extracted token to make it work right now until the author do something about it.

[Batorian]

@arabcoders Ok, thanks for the help.

[Batorian]

@arabcoders Just wanted to let you know that I actually switched to WatchState lol. I only used JellyPlex-Watched cause I didn't find any alternatives but your tool is way better imo. Good work!

[JTHicks26]

With Plex reverting the change to shared_tokens are there any plans to re-add external user functionality? 🙂

https://forums.plex.tv/t/information-related-to-security-vulnerabilities/935164/57