-
Notifications
You must be signed in to change notification settings - Fork 40
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Extractors] Add PO Token Guide (#40)
Co-authored-by: bashonly <[email protected]>
- Loading branch information
Showing
1 changed file
with
72 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
# YouTube | ||
|
||
|
||
## PO Token Guide | ||
|
||
Proof of Origin (PO) token is a parameter that YouTube requires to be sent with video playback requests from some clients. Without it, requests for the affected clients' format URLs may return HTTP Error 403, or result in your account or IP address being blocked. | ||
|
||
This token is generated by BotGuard (Web) / DroidGuard (Android) to attest the requests are coming from a genuine client. This guide will be assuming the use of a PO Token generated by BotGuard, for use with the `web` client. | ||
|
||
> For PO Tokens generated by BotGuard, when logged out, the PO Token is bound to a Visitor ID. This Visitor ID is found in the `VISITOR_INFO1_LIVE` cookie, or in the `visitorData` value which is sent with Innertube API requests. When logged in, the PO Token is bound to the account Session ID (part of the Data Sync ID), rather than the Visitor ID. | ||
|
||
### Manually acquiring a PO Token from a browser for use when logged out | ||
|
||
This process goes through manually obtaining a PO Token generated on YouTube in a web browser, and then manually passing that to yt-dlp via the `po_token` extractor argument. | ||
|
||
Steps: | ||
|
||
1. Open a browser and go to any video on YouTube Music or YouTube Embedded (e.g. https://www.youtube.com/embed/aqz-KE-bpKQ). **Make sure you are not logged in to any account!** | ||
2. Open the developer console (F12), then go to the "Network" tab and filter by `v1/player` | ||
3. Click the video to play and a player request will appear in the network tab | ||
4. In the request payload JSON, find the PO Token at `serviceIntegrityDimensions.poToken` and save that value | ||
5. Export cookies from the browser | ||
6. Pass the PO Token to yt-dlp using `--extractor-args "youtube:player-client=web,default;po_token=web+PO_TOKEN_VALUE_HERE"` with cookies (`--cookies COOKIES_FILE`) | ||
|
||
Addendum: | ||
- You can also get the PO Token from any of the `videoplayback` URLs (it is the `pot` query parameter). | ||
- You can also use `--cookies-from-browser` if that is pointed to the browser session with the same logged-out session you extracted the PO Token from. | ||
|
||
#### Passing Visitor Data without cookies | ||
|
||
In some cases, you may not want to use cookies and instead pass Visitor Data to use in Innertube API requests. | ||
|
||
> [!WARNING] | ||
> This method is **not recommended** for most cases. It requires skipping webpage requests so that the `VISITOR_INFO1_LIVE` cookie does not interfere. This results in more requests needing to be sent as well as less stable extraction. | ||
You can do this with: | ||
|
||
--extractor-args "youtube:player-client=web,default;player-skip=webpage,configs;po_token=web+PO_TOKEN_VALUE_HERE;visitor_data=VISITOR_DATA_VALUE_HERE" | ||
|
||
|
||
### Manually acquiring a PO Token from a browser for use when logged in | ||
|
||
The process for obtaining a PO Token for use when yt-dlp is logged into an account is similar to the above. The PO Token obtained should work with either cookies or [OAuth](https://github.com/coletdjnz/yt-dlp-youtube-oauth2). | ||
|
||
Steps: | ||
|
||
1. Open YouTube Music in a browser, and log in with the user you are using with yt-dlp | ||
2. Open any video on YouTube Music | ||
3. Follow steps 2-4 [above](#manually-acquiring-a-po-token-from-a-browser-for-use-when-logged-out) | ||
4. Pass the PO Token to yt-dlp using `--extractor-args "youtube:player-client=web,default;po_token=web+PO_TOKEN_VALUE_HERE"` with your method of auth (cookies or OAuth) | ||
|
||
If you are using cookies, see [Exporting YouTube Cookies](#exporting-youtube-cookies) on how to export cookies without them being invalidated. | ||
|
||
> As of writing, it appears that when logged in, YouTube Embedded *does not* bind the PO Token to the Data Sync ID. This will mean PO Tokens from it will not work with the `web` client when using auth, which requires it is bound to the Data Sync ID. We can use YouTube Music instead to fetch the PO Token which does this. | ||
|
||
### Other methods of acquiring a PO Token | ||
|
||
#### Plugins | ||
- [yt-dlp-get-pot](https://github.com/coletdjnz/yt-dlp-get-pot) by [coletdjnz](https://github.com/coletdjnz) | ||
- A plugin framework for yt-dlp to support fetching PO Tokens from external providers | ||
|
||
## Exporting YouTube cookies | ||
|
||
YouTube rotates cookies frequently on open YouTube browser tabs as a security measure. | ||
To export cookies that will remain working with yt-dlp, you will need to export cookies in such a way that they are never rotated. | ||
|
||
One way to do this is through a private browsing/incognito window: | ||
1. Open a new private browsing/incognito window and log into YouTube | ||
2. Open a new tab and **close the YouTube tab** | ||
3. Export cookies from the browser then **close the private browsing/incognito window** so the session is never opened in the browser again. |