Kalanyr: Which reminds me I should probably double check that a file being marked as pre-verified for skip purposes gets cleared if it's reported MD5 by GOG is different from the manifest, I think it already does that but should make sure.
Geralt_of_Rivia: BTW, I keep hitting a certain problem that I have not found a solution for yet. The login procedure.
At the moment I'm doing it exactly by the book (or rather the unofficial API documentation):
First I get the page from
https://login.gog.com/auth?... with the documented parameters, extract the login token from the page, and post username, password and login token to
https://login.gog.com/login_check. On a successful login the result is a redirect to a specific url which contains a login code.
Then I request
https://auth.gog.com/token?... with the documented parameters and the login code to get an OAUTH token which should be refreshed once an hour. I'm not doing that yet since my script is only doing some data collection right now that doesn't take very long. The OAUTH token contains among other things an access_token that should be used in the header of each request to the server. The header should be "Authorization: Bearer " + access_token.
Despite being quite convoluted it does work just fine once you've got that down.
However, when developing you often make changes and test them to see if they work as expected. That leads to many logins within a short time since every time I start the program the login runs from scratch. And it seems that GOG doesn't like that. After a while I get put on a blacklist which requires me to answer a captcha at login which obviously foils the automatic login. Then I have to wait for a few hours or sometimes even days until I'm off the blacklist again.
So the question here is: Is there any way around that? Can I somehow prevent being put on the blacklist? Or can I make the login persistent so that I don't have to login again and again? What about the OAUTH token? If I can make the login persistent I probably need to refresh it. How do you handle all that?
Yes, you can store the (pseudo)-OAuth session data , which is pretty much the following.
{'access_token': 'REDACTED',
'expires_in': 3600,
'expiry': REDACTED,
'refresh_token': 'REDACTED',
'scope': '',
'session_id': 'REDACTED',
'token_type': 'bearer',
'user_id': 'REDACTED'}
You can then use it whenever you need to login again. You do need to do a session renew request as documented when it expires (which is each hour), IIRC you have to calculate the actual expiry time yourself (which is why I have an expiry field as well as the expires_in. but you could keep acquisition time + expires_in and use that instead. )
(If you want to send me a PM , I can send you the still a mess code for the next version of GOGrepoc but it does actually have fully working GOG OAuth code you can copy)
Timboli: So not much we can do, if update flag hasn't been set, MD5 is missing, and file name hasn't changed.
my name is coole catte: Speaking of update flags, I actually wrote to GOG support a while back asking about that and they just got back to me and claim it's been fixed for some time. :S
They asked if I can send a screenshot of it not working... I'm not sure how to prove the absence of something. Anyone got any good ideas about how to explain what isn't happening?
This depends what you mean by "fixed", there was a period during the early COVID times, where they weren't marking things as updated at all, they are now, so that's "fixed". And they are presently a *lot* better about marking things that are updated as updated than they were in the past.
The main problem is GOG does "administrative" updates which don't change anything from a user perspective and are mainly about cleaning up internal stuff, so you don't really want that marked as updated because redownloading it is a waste. Which means it's hard to tell when they've let something slip and when it's just an administrative thing.
I guess you could setup a script that runs a gogrepoc new/updated update, then a full update afterwards, notes down what's changed in the second one, and then do stuff like compare the file names / versions to see what's a "real" change that was missed.