I’ve been writing a program that uses the new JWT flow (option 1 under https://developer.plex.tv/pms/#section/API-Info/Authenticating-with-Plex). I have the authentication working all the way up until the final step in section 2 (“Exchange for Plex Token”), but the resulting authentication token doesn’t let me do anything; I get a 401 code on pretty much every endpoint that needs authentication.
Now, I have to imagine that it’s a scope issue, as the vast majority of the endpoints listed in the official docs seem to require ‘shared user’ and ‘admin’ scope, but I’m not sure exactly how or when to apply that scope. Under section 2, in “Scope Details”, a few possible scope options are listed, but none of those seem to be the scopes I need (in fact, I haven’t seen any endpoints that use these scopes, either). I’ve tried applying “shared_user,admin” as scopes on the JWT that I send to get the final auth token, but that doesn’t seem to be the way forward either.
E.g.,
```python
from time import time

from jwcrypto import jwt

# Create a JWT containing the nonce
local_jwt = jwt.JWT(
    header={
        "alg": "EdDSA",
        "typ": "JWT",
        "kid": "--clientid--"
    },
    claims={
        "nonce": "--nonce--",
        "scope": "shared_user,admin,username,email,friendly_name",
        "aud": "plex.tv",
        "iss": client_id,
        "iat": int(time()),
        "exp": int(time()) + 86400,
    }
)
```
I sign the JWT and send it. I get a valid response back, with the Plex auth JWT. Then,
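```python
import requests

# Call an authenticated endpoint with the token returned by the exchange
res = requests.get(
    headers={
        "X-Plex-Token": auth_token
    },
    url=uri + "/status/sessions"
)
print(res.text)  # => <html><head><title>Unauthorized</title></head><body><h1>401 Unauthorized</h1></body></html>
```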
For reference here, I’m using the jwcrypto and requests Python libraries. It’s entirely possible that I have a fundamental misunderstanding of how this API works, and I’d love to be corrected. Thank you for reading!
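
When an exchange succeeds but the resulting token is rejected with 401, one debugging step is to decode the returned JWT locally and compare the scopes and lifetime it actually carries with what was requested. The following is an added example, not part of the original post and not Plex's code; it assumes the returned token is a compact JWS and that granted scopes appear in a `scope` claim as in the request JWT above, and the sample token is constructed.

```python
import base64
import json
import time


def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def inspect_jwt(token, now=None):
    """Decode header and claims WITHOUT verifying the signature (debugging only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated segments)")
    header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    now = int(time.time()) if now is None else now
    scope = claims.get("scope") or ""  # assumption: scopes live in a "scope" claim
    # Accept comma-separated (as in the post), space-separated, or list scopes.
    granted = set(scope.replace(",", " ").split()) if isinstance(scope, str) else set(scope)
    findings = []
    exp = claims.get("exp")
    if exp is None:
        findings.append("no exp claim")
    elif exp <= now:
        findings.append("expired")
    if claims.get("iat", 0) > now + 60:
        findings.append("iat in the future (clock skew?)")
    return {"header": header, "claims": claims, "scopes": granted, "findings": findings}


def missing_scopes(token, wanted, now=None):
    """Scopes the caller expected but the token does not carry, sorted."""
    return sorted(set(wanted) - inspect_jwt(token, now)["scopes"])


def _make_sample(claims):
    """Build a constructed token with a dummy signature, for the demo only."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "EdDSA", "typ": "JWT"}), enc(claims), "c2lnbmF0dXJl"])


# Constructed sample: a token that was granted fewer scopes than requested.
SAMPLE = _make_sample({"aud": "plex.tv", "scope": "username,email",
                       "iat": 1700000000, "exp": 1700086400})
if __name__ == "__main__":
    print(missing_scopes(SAMPLE, ["admin", "username"], now=1700000100))
```

The decoded claims are unverified, so they are useful for diagnosing a 401 but must not be used to make an authorization decision.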