[Solved] Obtaining X-Plex-Token of Friends (for my server)

Hi,

I’d like to obtain server tokens used by my friends who access my Plex server, so that I can impersonate them in order to duplicate playlists to their accounts. Disclaimer: I don’t want to use Python and PlexAPI, as I’m coding bits that I’ll find useful in PowerShell instead.

Does anyone know if this is possible? These are not “Home Users” but independent users who I’ve shared access to various libraries to. I had wondered if these tokens would be in the Plex log files (if a user is accessing your server, they have to provide a token to prove it’s them so…). However it’s not possible to keep tokens in log files anymore.

If I get a friend to obtain his user token (by authenticating against https://plex.tv/users/sign_in.xml), I can use that to see the server token he uses for my server (from https://plex.tv/api/servers?X-Plex-Token=blah) but this is not ideal at all; he has to perform a manual process running some code and to most users this is just a hassle / they’re unable to do it.

Any thoughts?

Cheers.

This is gonna be a tough ask cause plex ain’t in the business of handing out other peoples token information even if you do have good intentions.

I understand, but I don’t want their user token (which grants access to a lot more data) - it only requires the unique server token they have for my server in order to create playlists for them.

*edit: Not 100% sure if the terminology is correct but a user is granted a token when signing into Plex Web, but they have a different one for accessing each server.

Do you know how to get or find your own auth token?

If you have this you can probably get the info you want.

Yeah I have my own token, but I can’t find a way to use this to figure out what server tokens have been issued to friends to access my server. There’s no api/rest endpoint that I can see, that shows this information.

I had a moment of hope and thought might be visible in http://myserver/status/sessions?X-Plex-Token=MYUSERTOKEN when someone was streaming but it’s not in that.

Solved with help (and glad to see it’s possible as really you should have full control over who is accessing your server and how - which implies access to their token), but won’t post the information publicly just in-case people want to misuse it.

You give a man a dollar but tell him how to use it? A bit unfair.

Well the person who helped me didn’t want to post it publicly so I was attempting to respect that (unsure if Plex mods would dislike it).

At a later date I’ll release a PowerShell module that’ll do the job.

That’s good. Don’t get me wrong. I have no interest in the how of token blah,blah…
Just responding to your desire to have absolute, total control over what you “give” out.

You’re probably right. Good thing you didn’t. Sadly, grudges last a lifetime here.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.