44Authentication
55--------------
66
7- Official authentication support for Twitch via the ``--twitch-oauth-token `` and ``--twitch-oauth-authenticate `` CLI arguments
8- had to be disabled in Streamlink's :ref: `1.3.0 release in November 2019 <changelog:streamlink 1.3.0 (2019-11-22) >` and both
9- arguments were finally removed in the :ref: `2.0.0 release in December 2020 <changelog:streamlink 2.0.0 (2020-12-22) >` due to
10- `restrictive changes `_ on Twitch's private REST API which prevented proper authentication flows from third party applications
11- like Streamlink.
12-
13- The issue was that authentication data generated from third party applications could not be sent while acquiring streaming
14- access tokens which are required for watching streams. Only authentication data generated by Twitch's website was accepted by
15- the Twitch API. Later on in January 2021, Twitch moved the respective API endpoints to their GraphQL API which was already
16- in use by their website for several years and shut down the old, private REST API.
17-
18- This means that authentication data, aka. the "OAuth token", needs to be read from the web browser after logging in on Twitch's
19- website and it then needs to be set as a certain request header on these API endpoints. This unfortunately can't be automated
20- easily by applications like Streamlink, so a new authentication feature was never implemented.
21-
227**In order to get the personal OAuth token from Twitch's website which identifies your account **, open Twitch.tv in your web
238browser and after a successful login, open the developer tools by pressing :kbd: `F12 ` or :kbd: `CTRL + SHIFT + I `. Then navigate to
249the "Console" tab or its equivalent of your web browser and execute the following JavaScript snippet, which reads the value of
@@ -31,9 +16,7 @@ the ``auth-token`` cookie, if it exists:
3116Copy the resulting string consisting of 30 alphanumerical characters without any quotations.
3217
3318The final ` ` Authorization` ` header which will identify your account while requesting a streaming access token can then be set
34- via Streamlink' s :option:`--http-header` or :option:`--twitch-api-header` CLI arguments. The former will set the header on any
35- HTTP request made by Streamlink, even HLS Streams, while the latter will only do that on Twitch API requests, which is what
36- should be done when authenticating and which is the reason why this CLI argument was added.
19+ via Streamlink' s :option:`--twitch-api-header` or :option:`--http-header` CLI arguments.
3720
3821The value of the ``Authorization`` header must be in the format of ``OAuth YOUR_TOKEN``. Notice the space character in the
3922argument value, which requires quotation on command line shells:
@@ -50,65 +33,54 @@ The entire argument can optionally be added to Streamlink's (Twitch plugin speci
5033 twitch-api-header=Authorization=OAuth abcdefghijklmnopqrstuvwxyz0123
5134
5235
53- .. _restrictive changes : https://github.com/streamlink/streamlink/issues/2680#issuecomment-557605851
54-
55-
5636 Embedded ads
5737------------
5838
59- In 2019, Twitch has started sporadically embedding ads directly into streams in addition to their regular advertisement program
60- on their website which can only overlay ads. The embedded ads situation has been an ongoing thing since then and has been turned
61- off and on several times throughout the months and years, also with variations between regions, and it has recently been pushed
62- more and more aggressively with long pre-roll ads.
63-
64- While this may be an annoyance for end-users who are used to using ad-blocker extensions in their web-browsers for blocking
65- regular overlaying ads, applications like Streamlink face another problem, namely stream discontinuities when there's a
66- transition between an ad and the regular stream content or another follow-up ad.
39+ In 2019, Twitch started embedding ads directly into streams in addition to their regular advertisement program
40+ on their website which can only overlay ads. While this may be an annoyance for people who are used to using ad-blocker
41+ extensions in their web-browsers for blocking regular overlaying ads, applications like Streamlink face another problem,
42+ namely stream discontinuities when there's a transition between the regular stream content and an ad or another follow-up ad.
6743
6844Since Streamlink does only output a single progressive stream from reading Twitch's segmented HLS stream, ads can cause issues
6945in certain players, as the output is not a cohesively encoded stream of audio and video data anymore during an ad transition.
7046One of the problematic players is :ref: `VLC <players:Players >`, which is known to crash during these stream discontinuities in
7147certain cases.
7248
73- Unfortunately, entirely preventing embedded ads is not possible unless a loophole on Twitch gets discovered which can be
74- exploited. This has been the case a couple of times now and ad-workarounds have been implemented in Streamlink (see #3210) and
75- various ad-blockers, but the solutions did only last for a couple of weeks or even days until Twitch patched these exploits.
49+ **Streamlink will therefore automatically filter out ad segments and pause the stream output during ads **.
50+ Prior releases between version ``1.1.0 `` and ``7.5.0 `` required the ``--twitch-disable-ads `` plugin argument, as filtering out
51+ ads was deemed optional. Ad filtering became necessary when Twitch changed the stream's container format, to prevent playback
52+ issues during stream discontinuities between the stream and ads.
7653
77- **To filter out ads and to prevent stream discontinuities in Streamlink's output **, the :option: `--twitch-disable-ads ` argument
78- was introduced in :ref: `Streamlink 1.1.0 in 2019 <changelog:streamlink 1.1.0 (2019-03-31) >`, which filters out advertisement
79- segments from Twitch's HLS streams and pauses the stream output until regular content becomes available again. The filtering
80- logic has seen several iterations since then, with the latest big overhaul in
81- :ref: `Streamlink 1.7.0 in 2020 <changelog:streamlink 1.7.0 (2020-10-18) >`.
54+ Filtering out ads means that the stream output will be paused during that time, and the player will keep trying to read data
55+ until the real stream becomes available again. The discontinuity when the output resumes is expected and can't be circumvented.
56+ Players should be able to recover from this, though. A message with an expected advertisement time will be logged.
8257
83- ** In addition to that **, special API request headers can be set via :option: ` -- twitch-api-header ` or special API request
84- parameters can be set via :option: ` --twitch-access-token-param ` that can prevent ads from being embedded into the stream,
85- either :ref: ` authentication data < cli/plugins/ twitch:Authentication >` or other data discovered by the community .
58+ Completely preventing ads may be possible by :ref: ` authenticating < cli/plugins/ twitch:Authentication >` (Twitch Turbo)
59+ or via special Twitch API request headers and/or parameters that modify the access token acquirement, if the community is aware
60+ of such loop-holes. See :option: ` -- twitch-api-header ` and :option: ` --twitch-access-token-param ` .
8661
8762
8863Client-integrity token
8964----------------------
9065
9166In 2022, Twitch added client-integrity tokens to their web player when getting streaming access tokens. These client-integrity
92- tokens are calculated using sophisticated JavaScript code which is infeasible to re-implement, as it not only involves
93- obfuscated code that's much harder to reverse engineer and to extract data from, but also a custom JavaScript virtual machine
94- implementation where bytecode gets interpreted which is encoded prior to that using randomization patterns. The interpreted
95- bytecode performs various checks of the user's web browser and its features, and then determines whether the client is legit
96- or not. The goal is to prevent bots and third party applications from accessing streams.
97-
98- Client-integrity tokens were treated as an optional request parameter when getting streaming access tokens.
99- This changed on 2023-05-31 when Twitch made them a requirement, and it broke Streamlink's Twitch plugin (#5370).
100-
101- Since the only sensible solution for Streamlink to calculate client-integrity tokens was using a web browser, a new
102- implementation was needed which could automate that. So in ``6.0.0 `` the
103- :ref: `streamlink.webbrowser <api/webbrowser:Webbrowser >` API was implemented, which requires a Chromium-based web browser being
104- installed on the user's system. See the :option: `--webbrowser ` and related CLI arguments for more details.
105-
106- However, a couple of days after Twitch made these changes, they reverted the requirement again, but in order for Streamlink
107- to be prepared for such requirements to be turned on again, the webbrowser API was added nevertheless. The decision was made
108- to only use the webbrowser API when getting an access token fails, so launching a web browser unnecessarily could be avoided,
109- even though it would run invisibly in "headless mode". Should client-integrity tokens be made a requirement again, then
110- Streamlink will cache the generated token in the plugin cache after launching the web browser once. This cache can be cleared
111- using the :option: `--twitch-purge-client-integrity ` option.
67+ tokens are calculated using sophisticated JavaScript code which is infeasible to re-implement. The goal is to prevent bots
68+ and third party applications from accessing streams by determining whether the client is legit or not.
69+
70+ Client-integrity tokens were treated as an optional request parameter when getting streaming access tokens, but this changed
71+ at the end of May in 2023 when Twitch made them a requirement for a week, which broke Streamlink's Twitch plugin (#5370).
72+
73+ Since the only sensible solution for Streamlink to calculate client-integrity tokens was using a web browser,
74+ the :ref: `streamlink.webbrowser <api/webbrowser:Webbrowser >` API was implemented in ``6.0.0 ``, which requires
75+ a Chromium-based web browser being installed on the user's system. See the :option: `--webbrowser ` and related CLI arguments
76+ for more details.
77+
78+ As long as client-integrity tokens are optional, Streamlink does not require the webbrowser API. If they are, or if the user
79+ has set the :option: `--twitch-force-client-integrity ` argument, then the token will be calculated once and then cached
80+ for as long as it's valid. :option: `--twitch-purge-client-integrity ` allows clearing the cached token.
81+
82+ If supported by the Chromium-based web browser and the environment Streamlink is run in, :option: `--webbrowser-headless `
83+ allows hiding the web browser's window.
11284
11385
11486Low latency streaming
0 commit comments