Async Yandex Passport (mobile) auth library for Music Assistant providers

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for trudenboy from gravatar.com trudenboy

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT License)
  • Author: Mikhail Nevskiy
  • Tags aiohttp , async , music-assistant , oauth , passport , yandex
  • Requires: Python >=3.12
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

ya-passport-auth

Async Yandex Passport (mobile) authentication library for Music Assistant providers.

CI PyPI Python 3.12+ License: MIT

Features

  • Full token-derivation graph — QR login, x_token exchange, music_token refresh, Passport cookie refresh, Quasar CSRF, Glagol device token, account info.
  • Security-firstSecretStr redacts tokens in repr/str/format/tracebacks, blocks pickling, host allow-list, CSRF extraction, rate limiting, response size caps, log redaction.
  • Async-native — built on aiohttp with asyncio.Lock-protected rate limiter and connection management.
  • Strictly typedmypy --strict clean, PEP 561 py.typed marker.

Installation

pip install ya-passport-auth

Quick start

from ya_passport_auth import PassportClient, SecretStr

async def main():
    async with PassportClient.create() as client:
        # QR login
        qr = await client.start_qr_login()
        print(f"Scan QR: {qr.qr_url}")
        creds = await client.poll_qr_until_confirmed(qr)

        # Token refresh
        new_music = await client.refresh_music_token(creds.x_token)

        # Account info
        info = await client.fetch_account_info(creds.x_token)
        print(f"Logged in as {info.display_login} (uid={info.uid})")

API overview

PassportClient

Method Description
start_qr_login() Begin QR login, returns QrSession
poll_qr_until_confirmed(qr) Poll until scanned, returns Credentials
complete_qr_login(qr) Exchange confirmed QR for tokens
refresh_music_token(x_token) x_token -> music_token
refresh_passport_cookies(x_token) Refresh session cookies
get_quasar_csrf_token() Quasar CSRF token
get_glagol_device_token(music_token, ...) Glagol device token
fetch_account_info(x_token) Account metadata
validate_x_token(x_token) Check if token is valid

SecretStr

Opaque wrapper — repr() and str() return ***, pickling raises TypeError. Access plaintext only via get_secret().

Exception hierarchy

YaPassportError
├── NetworkError
│   └── UnexpectedHostError
└── AuthFailedError
    ├── InvalidCredentialsError
    ├── CsrfExtractionError
    ├── RateLimitedError
    ├── QRPendingError
    └── QRTimeoutError

Security disclaimer

This library interacts with Yandex Passport using public mobile OAuth client IDs and secrets extracted from official Yandex Android applications. These values are well-known and present in many open-source projects; they are treated here as constants, not secrets. Do not use this library for anything other than authenticating into your own Yandex account.

There is no official Yandex API for the mobile Passport flow. Endpoints, response shapes, and regex patterns may break without notice.

License

MIT. See LICENSE and NOTICE for third-party attribution.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for trudenboy from gravatar.com trudenboy

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT License)
  • Author: Mikhail Nevskiy
  • Tags aiohttp , async , music-assistant , oauth , passport , yandex
  • Requires: Python >=3.12
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

1.2.3

1.2.2

1.2.1

This version

1.2.0

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ya_passport_auth-1.2.0.tar.gz (44.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

ya_passport_auth-1.2.0-py3-none-any.whl (31.9 kB view details)

Uploaded Python 3

File details

Details for the file ya_passport_auth-1.2.0.tar.gz.

File metadata

  • Download URL: ya_passport_auth-1.2.0.tar.gz
  • Upload date:
  • Size: 44.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for ya_passport_auth-1.2.0.tar.gz
Algorithm Hash digest
SHA256 0fe6acad1b267d1cd25c72550432b33e6e9e97570f8169bb965fac42be9fbad9
MD5 4baeb41d18702554e1a3f1723f8293e3
BLAKE2b-256 6ecaafe4ac63f7c274eb57cd74fa2d6e1e2509a9eb259c2928df8df8a2102509

See more details on using hashes here.

Provenance

The following attestation bundles were made for ya_passport_auth-1.2.0.tar.gz:

Publisher: release.yml on trudenboy/ya-passport-auth

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ya_passport_auth-1.2.0-py3-none-any.whl.

File metadata

File hashes

Hashes for ya_passport_auth-1.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 d7ed32011577a013bf4b2f552f96c032e567f07077fa351fa3833808ae71e601
MD5 415a9d26a9c4af1059d7d479beec438b
BLAKE2b-256 aa235e21bfcbbb52b633beab6f3dd0da8f3c0ba6a64637beeb4e4f254fdc195c

See more details on using hashes here.

Provenance

The following attestation bundles were made for ya_passport_auth-1.2.0-py3-none-any.whl:

Publisher: release.yml on trudenboy/ya-passport-auth

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page