Async Yandex Passport (mobile) auth library for Music Assistant providers

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for trudenboy from gravatar.com trudenboy

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT License)
  • Author: Mikhail Nevskiy
  • Tags aiohttp , async , music-assistant , oauth , passport , yandex
  • Requires: Python >=3.12
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

ya-passport-auth

Async Yandex Passport (mobile) authentication library for Music Assistant providers.

CI PyPI Python 3.12+ License: MIT

Features

  • Full token-derivation graph — QR login, x_token exchange, music_token refresh, Passport cookie refresh, Quasar CSRF, Glagol device token, account info.
  • Security-firstSecretStr redacts tokens in repr/str/format/tracebacks, blocks pickling, host allow-list, CSRF extraction, rate limiting, response size caps, log redaction.
  • Async-native — built on aiohttp with asyncio.Lock-protected rate limiter and connection management.
  • Strictly typedmypy --strict clean, PEP 561 py.typed marker.

Installation

pip install ya-passport-auth

Quick start

from ya_passport_auth import PassportClient, SecretStr

async def main():
    async with PassportClient.create() as client:
        # QR login
        qr = await client.start_qr_login()
        print(f"Scan QR: {qr.qr_url}")
        creds = await client.poll_qr_until_confirmed(qr)

        # Token refresh
        new_music = await client.refresh_music_token(creds.x_token)

        # Account info
        info = await client.fetch_account_info(creds.x_token)
        print(f"Logged in as {info.display_login} (uid={info.uid})")

API overview

PassportClient

Method Description
start_qr_login() Begin QR login, returns QrSession
poll_qr_until_confirmed(qr) Poll until scanned, returns Credentials
complete_qr_login(qr) Exchange confirmed QR for tokens
refresh_music_token(x_token) x_token -> music_token
refresh_passport_cookies(x_token) Refresh session cookies
get_quasar_csrf_token() Quasar CSRF token
get_glagol_device_token(music_token, ...) Glagol device token
fetch_account_info(x_token) Account metadata
validate_x_token(x_token) Check if token is valid

SecretStr

Opaque wrapper — repr() and str() return ***, pickling raises TypeError. Access plaintext only via get_secret().

Exception hierarchy

YaPassportError
├── NetworkError
│   └── UnexpectedHostError
└── AuthFailedError
    ├── InvalidCredentialsError
    ├── CsrfExtractionError
    ├── RateLimitedError
    ├── QRPendingError
    └── QRTimeoutError

Security disclaimer

This library interacts with Yandex Passport using public mobile OAuth client IDs and secrets extracted from official Yandex Android applications. These values are well-known and present in many open-source projects; they are treated here as constants, not secrets. Do not use this library for anything other than authenticating into your own Yandex account.

There is no official Yandex API for the mobile Passport flow. Endpoints, response shapes, and regex patterns may break without notice.

License

MIT. See LICENSE and NOTICE for third-party attribution.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for trudenboy from gravatar.com trudenboy

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT License)
  • Author: Mikhail Nevskiy
  • Tags aiohttp , async , music-assistant , oauth , passport , yandex
  • Requires: Python >=3.12
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

1.2.3

1.2.2

1.2.1

1.2.0

This version

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ya_passport_auth-1.0.0.tar.gz (40.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

ya_passport_auth-1.0.0-py3-none-any.whl (29.0 kB view details)

Uploaded Python 3

File details

Details for the file ya_passport_auth-1.0.0.tar.gz.

File metadata

  • Download URL: ya_passport_auth-1.0.0.tar.gz
  • Upload date:
  • Size: 40.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for ya_passport_auth-1.0.0.tar.gz
Algorithm Hash digest
SHA256 57ec04acf523c66405abed4dd03a68a5dc45cd0a81ce8cf0706f51b5f5d11f6e
MD5 0b7d8ec60be967d62e9771e08158fecc
BLAKE2b-256 71a889800739db20a0e9b10ce278c50c6f3004ac58254cf945972ddbab60ec33

See more details on using hashes here.

Provenance

The following attestation bundles were made for ya_passport_auth-1.0.0.tar.gz:

Publisher: release.yml on trudenboy/ya-passport-auth

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ya_passport_auth-1.0.0-py3-none-any.whl.

File metadata

File hashes

Hashes for ya_passport_auth-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 1045664fd1f80b9bdb1d477ffd2ed0abdf392ae39841204e5fb447d04222ee93
MD5 a5dbe2e9fa7fa598f65b14f42b92464d
BLAKE2b-256 bca0b2b94b46dcb9ad03cc23fbb4ae113d5fad04a5f2022741b08c0859329eb2

See more details on using hashes here.

Provenance

The following attestation bundles were made for ya_passport_auth-1.0.0-py3-none-any.whl:

Publisher: release.yml on trudenboy/ya-passport-auth

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page