I maintain a Go client for the Plex API and I’m in the process of implementing JWT authentication.
One of the things I’m trying to do is look up the registered PMS servers to get the token for the PMS server. Previously, I was using /devices.xml, but I think that’s part of the legacy endpoints? So am looking at /api/v2/resources.
This one works fine when I call it with a legacy token in X-Plex-Token and returns the correct (legacy) token for the server.
However, when I call it with a JWT token in X-Plex-Token, I get back a JWT token for the PMS server? But my up-to-date PMS server rejects that token: any authenticated call returns 401 - Unauthorized.
I have not. In fact, I noticed that even the behavior of /devices.xml has changed: previously it included a token to use for the pms server. but now they’ve (silently?) removed that.
Here’s how I understand it: the new JWT auth mechanism gives you a new JWT token. You can use that to access the plex.tv API. However, PMS does not understand JWT tokens: it only supports legacy tokens. So why Plex documents them in a document on the PMS API is … well, confusing at best.
So, even once you have a JWT token, you still need a way to obtain a PMS (legacy) token. And I have not found anywhere documented how to do that: /devices.xml used to work for that, but now that API no longer returns the device’s token. And /api/v2/resources seems to always return a JWT token. So, we’re … stuck?
I’ve decided that JWT is just too new (and lacking documentation) for now, so I’ve parked trying to support it. Maybe one day …
