Photoshop Mix was sunset by Adobe in June 2024. This was one of the simplest mobile apps for iOS and Android that had been out since around 2016 and I heavily used it to make memes and quick edits for people in Photoshop Facebook groups. The simplicity of the layers, cutouts with shapes, and its interface was ahead of its time and to date I have not found a mobile app that can replace it, free or paid.
After June, many people took to Reddit to voice complaints that the app no longer works and thereby they cannot access all their projects anymore. I discovered that you can actually still access your projects, just not in an editable way — you can only download the “compositions”. You can download the compositions by visiting https://assets.adobe.com/mobilecreations.
Because this app is one of my favorites, I have had some thoughts on trying to get it to work, or figure out how to bypass the login screen that now errors indicating the product is no longer supported. My work so far in testing / troubleshooting has lead me to a token that seems to be the culprit. It might be possible that I can forge this token through some proxy or something to rewrite it, but that would mean I need to be on a network I can handle proxying and this wouldn’t work on a mobile network.
The error when launching Photoshop Mix now:
We couldn’t sign you in. Either the product you are trying to use is no longer supported or the client ID is not valid.
I’ll update this post with more details as I get them organized, but here’s what I have so far.
The client_id of OrionPS1 seems to be what is triggering the invalid application. In testing on my phone with Adobe Photoshop Express, I see that application uses the client_id of PSXIOS3.
This will generate the error above.
curl 'https://ims-na1.adobelogin.com/ims/authorize/v1?redirect_uri=signin%3A%2F%2Fcomplete&client_id=OrionPS1' \
-H 'Host: ims-na1.adobelogin.com' \
-H 'Sec-Fetch-Site: none' \
-H 'Connection: keep-alive' \
-H 'Sec-Fetch-Mode: navigate' \
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,\*/\*;q=0.8' \
-H 'User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148' \
-H 'Accept-Language: en-US,en;q=0.9' \
-H 'Sec-Fetch-Dest: document'
Now, looking at the Adobe Photoshop Express app HTTP requests, this is what things look like.
GET /ims/authorize/v3?client_id=PSXIOS3&scope=creative_sdk,AdobeID,openid,sao.cce_private,additional_info.projectedProductContext,sao.spark,tk_platform,tk_platform_sync,af_byof,af_ltd_psx,tk_platform_grant_free_subscription,firefly_api&force_marketing_permission=true&locale=en-US&idp_flow=login&response_type=device&device_name=iPhone&hashed_device_id=[redacted]&state=%7B%22ac%22:%22psxios%22%7D&redirect_uri=com.adobe.psmobile://login.complete HTTP/1.1
Host: ims-na1.adobelogin.com
Sec-Fetch-Dest: document
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Mobile/15E148 Safari/604.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Accept-Language: en-US,en;q=0.9
Priority: u=0, i
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
What I note is that the URI path is changed from /ims/authorize/v1 to /ims/authorize/v3. So if I change my cUrl command to the following, I get a new error.
curl 'https://ims-na1.adobelogin.com/ims/authorize/v3?redirect_uri=signin%3A%2F%2Fcomplete&client_id=PSXIOS3&scope=creative_sdk,AdobeID,sao.cce_private&idp_flow=login&force_marketing_permission=true&response_type=device&device_id=[redacted]&device_name=iPhone&locale=en-US&state=%7B%22ac%22:%22PSMix_app%22%7D&grant_type=device&hashed_device_id=[redacted]' \
-H 'Host: ims-na1.adobelogin.com' \
-H 'Sec-Fetch-Site: none' \
-H 'Connection: keep-alive' \
-H 'Sec-Fetch-Mode: navigate' \
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,\*/\*;q=0.8' \
-H 'User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148' \
-H 'Accept-Language: en-US,en;q=0.9' \
-H 'Sec-Fetch-Dest: document'
bad_request
missing hashed_device_id parameter
So adding that in based on what my hashed_device_id paramater is, I do not get a response back. This is as far as I’ve gotten with the 15 minutes I’ve had to work on it. I’ll explore it more later.