[How To] Request a X-Plex-Token token for your app

Dev Community Dev/API Corner
61

Code please…

And FYI, using it here:

62

This is working for me now that I used my username and password correctly. Initially I had swapped them. :-/

1 Like
63

Took a crack at turning it into a PowerShell function :slight_smile:
Edit: Added global variable for later use.

Function Get-PlexToken{
  [CmdletBinding()]
  Param (
      [Parameter(Mandatory=$true, ValueFromPipeline=$true, Position=1)]
      [ValidateNotNullOrEmpty()]
      [Alias("UN")]
      [String]$UserName,
      [Parameter(Mandatory=$true, ValueFromPipeline=$true, Position=2)]
      [ValidateNotNullOrEmpty()]
      [Alias("PW")]
      [String]$Password
  )
  Begin{
      
      $Global:PlexAuth = [PSCustomObject]@{}
      Write-Verbose "Building RestMethod syntax..."
      $URI = 'https://plex.tv/users/sign_in.xml'
      $Headers = @{
          'Authorization' = 'Basic ' + [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("$($UserName):$($Password)"))
          'X-Plex-Client-Identifier' = 'PoShAuth1.1'
          'X-Plex-Product' = 'PowerShell Authorization'
          'X-Plex-Version' = '1.1'
      }
  }
  Process{
      Try{
          Write-Verbose "Invoking response to Plex TV API using UserName: $UserName Password: $Password..."
          [xml]$Auth = Invoke-RestMethod -Uri $URI -Headers $Headers -Method Post
      }
      Catch{
          Write-Warning 'No Token Recieved! Turn on Verbose to check.'
          Switch($_.Exception.Response.StatusCode.value__){
              401{Write-Verbose "Information: Username and/or password incorrect. Exception: $($Error[0].Exception.Response.StatusDescription) ErrorId: $($Error[0].Exception.Response.StatusCode.value__)"}
              201{Write-Verbose "Information: Failed to log in. Exception: $($Error[0].Exception.Response.StatusDescription) ErrorId: $($Error[0].Exception.Response.StatusCode.value__)"}
              Else{Write-Verbose "Information: Unknown! Exception: $($Error[0].Exception.Response.StatusDescription) ErrorId: $($Error[0].Exception.Response.StatusCode.value__)"}
          }
      }
  }
  End{
       If ($Auth){
           Write-Verbose 'Building Global Variable $PlexAuth...'
           $Global:PlexAuth = [PSCustomObject]@{
               'UserName' = $($Auth.user.username[0])
               'EMail' = $($Auth.user.email[0])
               'Token' = $($Auth.user.authenticationToken)
               'ID' = $($Auth.user.id)
               'UUID' = $($Auth.user.uuid)
               'PIN' = $($Auth.user.pin)
           }
           Write-Output $PlexAuth
       }
  }
}
2 Likes
64

Same here. I’m developing a script right now to push updates to the server and I’m hesitant to put username/pw plaintext in the script.

I guess I’m forced to use the browser token right now and make sure I don’t remove it from my authorized apps list until Plex comes up with a better method.

65

Huh…

So you want Plex to provide a backdoor?

Why not simply change your script to have sensitive info as params, since the other thing is never going to happen!

66

Huh? Backdoor? I’m simply requesting the same process Google uses for third-party apps to login to their services. You never provide the password directly to the app: tokens are always used.

I can do what you suggest regarding params, but the fact remains that I would still have a plaintext password in a plaintext script, which is insecure.

67

Hello, it seems that requests for Podcasts resources at https://podcasts.provider.plex.tv and children are denied to tokens obtained from the API endpoint, but allowed to tokens from web sessions.

Is this intended behavior?
(and laterally, is this the right place to ask such a question? :stuck_out_tongue: )

68

Count me down as another one who is getting the same exact error. How did you fix this? I tried full email / password, short username / password, but none of it works.

69

I’m gonna guess what you’re missing is URL escape sequence encoding for your username and password. The command for curl is like so:

curl -H 'x-plex-client-identifier: $something' --data 'user[login]=$user' --data 'user[password]=$pass' 'https://plex.tv/users/sign_in.xml'

Where $something can be whatever you like and $user and $password are your escaped credentials. Email or username are both fine.

1 Like
70

I didn’t change anything and it works now, but thanks.

Any way to pass encoded passwords through my bash script to to sign_in.xml?

71

Hi,
We are doing the authentication request from our server for our users.
So all connection request to get this X-Plex-Token are made from the same IP.
Unfortunately, we got sometime this error when some users attempt to connect Plex in short amount of time:
“Your IP address has been temporarily blocked”

Can we have a tech contact at Plex to discuss about this issue ?
Thank you.

72

I’m not sure I understand what you mean by “encoded”. AFAIK credentials have to be put in plaintext in the POST request body (it gets encrypted by TLS over the Internet), so you’ll have to pass them in plaintext to your script, it can’t be a hash. You may want to turn off bash history.
If you mean a command line utility to URL encode for piping or what have you, after a closer look it seems curl can do it itself.

73

so you’ll have to pass them in plaintext to your script, it can’t be a hash.

That’s what I wanted to do, since my script is accessible on a shared drive. I’ll just lock that down I guess, but I am still against keeping password in plaintext just on principle.

Ok, well, thanks for trying :slight_smile:

75

https://support.plex.tv/articles/204059436-finding-an-authentication-token-x-plex-token/

76

I appreciate the link , but that’s where i started from last month, I don’t understand how to use the json or an html format. I need some guidance…
Do I cut n paste int to my web browser?? use an shell operator?? I can’t understand where to use it, how it should be formatted… I know the user / pass but I’m a noob to this, sorry… IT IS Greek, the years long post(s) looses me
What’s the best simplest way ?? a simpleton explanation

77

Huh…

You said:

Regarding howto, it all depends on what the home assist wants, and can’t help with that, since unknown to me

78

Ok I deleted my first post. Home Assistant, have it handled on my side.

How do I use " user[login] and user[password] form values in the body. For example: user%5Blogin%5D=plexusername&user%5Bpassword%5D=myplexpassword".
I’ve never had to use POST before, what is the correct way to use the command with the above string of characters. I tried to insert my info between %5B____%5D=plexusername&user%5B_______%5D=myplexpassword. Is that the correct way to insert my info?

79

You don’t

You use a token param, as:

https://<IP_OF_PMS>:32400/<URL_YOU_WANT>?X-Plex-Token=<THE_TOKEN_FROM_THE_SUPPORT_ARTICLE>

80

Oh, for the love of God, why isn’t this a simple button on your “Authorized Devices” page? LOL

I’m running Home Assistant in a FreeNAS jail, and I need a permanent token for it. It’s not an uncommon scenario, but I can’t find a clear explanation of what on earth to do. Scripts, Powershell, HTTP POST/GET…??? What? Where? In the shell of the base jail, any linux command line? Seriously, this shouldn’t be this hard…

In my scenario, can anyone walk me through this so I can put this part of the configuration behind me? I’d appreciate it very much.

Thanks in advance,
Steven

1 Like
81

I already gave a link for getting the token!