Wonder how long until this is broken (browser fingerprinting?) or more likely, your login is banned?

Regarding login, the *only* available method is really username and password since this is required in order to obtain a token.

BlueSky API looks like a more attractive option with no reverse engineering required.