Issue Logging In #134

New Issue

Closed

opened 2026-01-16 11:07:58 +00:00 by macrossco · 3 comments

macrossco commented 2026-01-16 11:07:58 +00:00

Copy Link

I'm getting the following error when logging in using the newer method:

Exception caught: Response status code does not indicate success: 401 (Unauthorized).

StackTrace:    at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
   at OF_DL.Helpers.APIHelper.BuildHeaderAndExecuteRequests(Dictionary`2 getParams, String endpoint, HttpClient client)
   at OF_DL.Helpers.APIHelper.GetAllSubscriptions(Dictionary`2 getParams, String endpoint, Boolean includeRestricted, IDownloadConfig config)
Exception caught: Object reference not set to an instance of an object.

StackTrace:    at OF_DL.Program.DownloadAllData(APIHelper m_ApiHelper, Auth Auth, Config Config)
   at OF_DL.Program.Main(String[] args)

And the following when using the legacy method:

Exception caught: Response status code does not indicate success: 400 (Bad Request).

StackTrace:    at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
   at OF_DL.Helpers.APIHelper.BuildHeaderAndExecuteRequests(Dictionary`2 getParams, String endpoint, HttpClient client)
   at OF_DL.Helpers.APIHelper.GetAllSubscriptions(Dictionary`2 getParams, String endpoint, Boolean includeRestricted, IDownloadConfig config)
Exception caught: Object reference not set to an instance of an object.

StackTrace:    at OF_DL.Program.DownloadAllData(APIHelper m_ApiHelper, Auth Auth, Config Config)
   at OF_DL.Program.Main(String[] args)

OF-DL is up to date and username and password is correct.

I'm getting the following error when logging in using the newer method: ``` Exception caught: Response status code does not indicate success: 401 (Unauthorized). StackTrace: at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode() at OF_DL.Helpers.APIHelper.BuildHeaderAndExecuteRequests(Dictionary`2 getParams, String endpoint, HttpClient client) at OF_DL.Helpers.APIHelper.GetAllSubscriptions(Dictionary`2 getParams, String endpoint, Boolean includeRestricted, IDownloadConfig config) Exception caught: Object reference not set to an instance of an object. StackTrace: at OF_DL.Program.DownloadAllData(APIHelper m_ApiHelper, Auth Auth, Config Config) at OF_DL.Program.Main(String[] args) ``` And the following when using the legacy method: ``` Exception caught: Response status code does not indicate success: 400 (Bad Request). StackTrace: at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode() at OF_DL.Helpers.APIHelper.BuildHeaderAndExecuteRequests(Dictionary`2 getParams, String endpoint, HttpClient client) at OF_DL.Helpers.APIHelper.GetAllSubscriptions(Dictionary`2 getParams, String endpoint, Boolean includeRestricted, IDownloadConfig config) Exception caught: Object reference not set to an instance of an object. StackTrace: at OF_DL.Program.DownloadAllData(APIHelper m_ApiHelper, Auth Auth, Config Config) at OF_DL.Program.Main(String[] args) ``` OF-DL is up to date and username and password is correct.

ViRGEdx commented 2026-01-16 16:51:24 +00:00

Copy Link

Yep, I'm seeing all the same thing here.

Unfortunately, even in verbose mode, OF-DL isn't spitting out much in the way of useful information on just what has gone wrong. I'm assuming they've made some kind of API change that has broken the login workflow, but this is beyond my skill set.

2026-01-16 08:41:17.268 -08:00 [DBG] Using dynamic rules from GitHub
2026-01-16 08:41:17.277 -08:00 [DBG] Full request URL: https://onlyfans.com/api2/v2/users/me?limit=50&order=publish_date_asc
2026-01-16 08:41:17.503 -08:00 [ERR] Auth failed
2026-01-16 08:41:18.906 -08:00 [DBG] Navigating to OnlyFans.
2026-01-16 08:41:19.091 -08:00 [DBG] Waiting for user to login
2026-01-16 08:42:09.445 -08:00 [DBG] Feed element detected (user logged in)
2026-01-16 08:42:10.330 -08:00 [DBG] DOM loaded. Getting BC token and cookies ...
2026-01-16 08:42:10.506 -08:00 [DBG] Calling DownloadAllData
2026-01-16 08:42:10.511 -08:00 [DBG] Calling GetAllSubscrptions
2026-01-16 08:42:10.512 -08:00 [DBG] Calling BuildHeaderAndExecuteRequests
2026-01-16 08:42:10.512 -08:00 [DBG] Calling BuildHttpRequestMessage
2026-01-16 08:42:10.512 -08:00 [DBG] Calling GetDynamicHeaders
2026-01-16 08:42:10.512 -08:00 [DBG] Path: /api2/v2/subscriptions/subscribes
2026-01-16 08:42:10.512 -08:00 [DBG] Query Params: ?offset=0&limit=50&type=active&format=infinite
2026-01-16 08:42:10.512 -08:00 [DBG] Using cached dynamic rules
2026-01-16 08:42:10.513 -08:00 [DBG] Full request URL: https://onlyfans.com/api2/v2/subscriptions/subscribes?offset=0&limit=50&type=active&format=infinite
2026-01-16 08:42:10.741 -08:00 [ERR] Exception caught: Response status code does not indicate success: 400 (Bad Request).

StackTrace:    at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
   at OF_DL.Helpers.APIHelper.BuildHeaderAndExecuteRequests(Dictionary`2 getParams, String endpoint, HttpClient client)
   at OF_DL.Helpers.APIHelper.GetAllSubscriptions(Dictionary`2 getParams, String endpoint, Boolean includeRestricted, IDownloadConfig config)
2026-01-16 08:42:10.743 -08:00 [DBG] Subscriptions: 
2026-01-16 08:42:10.743 -08:00 [ERR] Exception caught: Object reference not set to an instance of an object.

StackTrace:    at OF_DL.Program.DownloadAllData(APIHelper m_ApiHelper, Auth Auth, Config Config)
   at OF_DL.Program.Main(String[] args)

Not helping matters, the site immediately invalidates a cookie if it doesn't like what you're doing, such as accessing https://onlyfans.com/api2/v2/subscriptions/subscribes?offset=0&limit=50&type=active&format=infinite in a browser.

The API calls themselves don't immediately seem different. Which makes me think there's something new they're looking for in the request header, or otherwise some kind of fingerprint they're after to tell a regular user from a non-browser client.

Here's the header Firefox sends when accessing the active subscriptions page:

GET /api2/v2/subscriptions/subscribes?offset=0&type=active&limit=10&format=infinite HTTP/3
Host: onlyfans.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:146.0) Gecko/20100101 Firefox/146.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br, zstd
Referer: https://onlyfans.com/my/collections/user-lists/subscriptions/active?order_field=expire_date
time: x
sign: x
app-token: x
user-id: x
x-bc: x
x-of-rev: 202601161232-95572ea327
x-hash: x
DNT: 1
Sec-GPC: 1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Connection: keep-alive
Alt-Used: onlyfans.com
Cookie: __stripe_mid=x; st=x; csrf=x; fp=x; lang=en; _cfuvid=x; __cf_bm=x; sess=x; auth_id=x
Priority: u=0
TE: trailers

It seems there was a new revision of the site package pushed live about 5 hours ago, judging from that timestamp.

Yep, I'm seeing all the same thing here. Unfortunately, even in verbose mode, OF-DL isn't spitting out much in the way of useful information on just what has gone wrong. I'm assuming they've made some kind of API change that has broken the login workflow, but this is beyond my skill set. ``` 2026-01-16 08:41:17.268 -08:00 [DBG] Using dynamic rules from GitHub 2026-01-16 08:41:17.277 -08:00 [DBG] Full request URL: https://onlyfans.com/api2/v2/users/me?limit=50&order=publish_date_asc 2026-01-16 08:41:17.503 -08:00 [ERR] Auth failed 2026-01-16 08:41:18.906 -08:00 [DBG] Navigating to OnlyFans. 2026-01-16 08:41:19.091 -08:00 [DBG] Waiting for user to login 2026-01-16 08:42:09.445 -08:00 [DBG] Feed element detected (user logged in) 2026-01-16 08:42:10.330 -08:00 [DBG] DOM loaded. Getting BC token and cookies ... 2026-01-16 08:42:10.506 -08:00 [DBG] Calling DownloadAllData 2026-01-16 08:42:10.511 -08:00 [DBG] Calling GetAllSubscrptions 2026-01-16 08:42:10.512 -08:00 [DBG] Calling BuildHeaderAndExecuteRequests 2026-01-16 08:42:10.512 -08:00 [DBG] Calling BuildHttpRequestMessage 2026-01-16 08:42:10.512 -08:00 [DBG] Calling GetDynamicHeaders 2026-01-16 08:42:10.512 -08:00 [DBG] Path: /api2/v2/subscriptions/subscribes 2026-01-16 08:42:10.512 -08:00 [DBG] Query Params: ?offset=0&limit=50&type=active&format=infinite 2026-01-16 08:42:10.512 -08:00 [DBG] Using cached dynamic rules 2026-01-16 08:42:10.513 -08:00 [DBG] Full request URL: https://onlyfans.com/api2/v2/subscriptions/subscribes?offset=0&limit=50&type=active&format=infinite 2026-01-16 08:42:10.741 -08:00 [ERR] Exception caught: Response status code does not indicate success: 400 (Bad Request). StackTrace: at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode() at OF_DL.Helpers.APIHelper.BuildHeaderAndExecuteRequests(Dictionary`2 getParams, String endpoint, HttpClient client) at OF_DL.Helpers.APIHelper.GetAllSubscriptions(Dictionary`2 getParams, String endpoint, Boolean includeRestricted, IDownloadConfig config) 2026-01-16 08:42:10.743 -08:00 [DBG] Subscriptions: 2026-01-16 08:42:10.743 -08:00 [ERR] Exception caught: Object reference not set to an instance of an object. StackTrace: at OF_DL.Program.DownloadAllData(APIHelper m_ApiHelper, Auth Auth, Config Config) at OF_DL.Program.Main(String[] args) ``` Not helping matters, the site immediately invalidates a cookie if it doesn't like what you're doing, such as accessing https://onlyfans.com/api2/v2/subscriptions/subscribes?offset=0&limit=50&type=active&format=infinite in a browser. The API calls themselves don't immediately seem different. Which makes me think there's something new they're looking for in the request header, or otherwise some kind of fingerprint they're after to tell a regular user from a non-browser client. Here's the header Firefox sends when accessing the active subscriptions page: ``` GET /api2/v2/subscriptions/subscribes?offset=0&type=active&limit=10&format=infinite HTTP/3 Host: onlyfans.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:146.0) Gecko/20100101 Firefox/146.0 Accept: application/json, text/plain, */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br, zstd Referer: https://onlyfans.com/my/collections/user-lists/subscriptions/active?order_field=expire_date time: x sign: x app-token: x user-id: x x-bc: x x-of-rev: 202601161232-95572ea327 x-hash: x DNT: 1 Sec-GPC: 1 Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Connection: keep-alive Alt-Used: onlyfans.com Cookie: __stripe_mid=x; st=x; csrf=x; fp=x; lang=en; _cfuvid=x; __cf_bm=x; sess=x; auth_id=x Priority: u=0 TE: trailers ``` It seems there was a new revision of the site package pushed live about 5 hours ago, judging from that timestamp.

macrossco commented 2026-01-16 19:58:31 +00:00

Author

Copy Link

As other users have found, downgrading to 1.9.19 allows successful login.

As other users have found, downgrading to 1.9.19 allows successful login.

whimsical-c4lic0 commented 2026-01-16 21:07:03 +00:00

Collaborator

Copy Link

There is no need to downgrade to 1.9.19. As mentioned in discord, the authentication issue was unrelated to the OF-DL version and was caused by an issue with the dynamic rules. Using the newest version of OF-DL is recommended since it includes bugfixes, and old versions are unlikely to receive support.

There is no need to downgrade to 1.9.19. As mentioned in discord, the authentication issue was unrelated to the OF-DL version and was caused by an issue with the dynamic rules. Using the newest version of OF-DL is recommended since it includes bugfixes, and old versions are unlikely to receive support.

👍 2

melithine closed this issue 2026-01-16 22:36:33 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

avalonia-gui

already_downloaded_error

ffmpeg_additional_logging

header_update

version_timeout

ffmpeg_version

OFDLV1.10.0

OFDLV1.9.20

OFDLV1.9.19

OFDLV1.9.18

OFDLV1.9.17

OFDLV1.9.16

OFDLV1.9.15

OFDLV1.9.14

OFDLV1.9.13

OFDLV1.9.12

OFDLV1.9.11

OFDLV1.9.10

OFDLV1.9.9

OFDLV1.9.8

OFDLV1.9.7

Labels

Clear labels

bug

Something is not working

code-submitted

Some code has been written to address this issue, but has not yet made it into a release version yet.

duplicate

This issue or pull request already exists

feature-request

New feature

invalid

Something is wrong

needs-documentation

The OFDL documentation needs to be updated for this issue.

needs-info

More information is needed

triaged-and-escalated

This has been triaged and needs help from a specific developer.

wontfix

This won't be fixed

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

JIREX melithine whimsical-c4lic0 sim0n00ps

No Assignees

3 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: sim0n00ps/OF-DL#134

No description provided.