Accomodate for Stellantis' Jan 23 OAuth changes

[planck-aw]

Still one manual step involved during setup but at least the error 500 is gone.

[planck-aw]

Fixes #733

[Gschrooyen]

Has this change been tested for other brands?

[0x3dlux]

For lack of test accounts: no. Stellantis seems to be doing all kinds of crazy OAuth proxying internally so maybe if we're lucky the endpoints can just be used interchangeably. I found the original URL from the Android app's logcat output, the others I just found them in classes4.dex so I just made AUTHORIZE_SERVICE a dict too.

classes4.dex.txt:43f3a0: 1a02 bd90 |0012: const-string v2, "https://idpcvs.driveds.com/am/oauth2/authorize" // string@90bd
classes4.dex.txt:43f3ec: 1a02 c390 |0038: const-string v2, "https://idpcvs.peugeot.com/am/oauth2/authorize" // string@90c3
classes4.dex.txt:43f438: 1a02 ba90 |005e: const-string v2, "https://idpcvs.citroen.com/am/oauth2/authorize" // string@90ba
classes4.dex.txt:43f488: 1a02 c090 |0086: const-string v2, "https://idpcvs.opel.com/am/oauth2/authorize" // string@90c0
classes4.dex.txt:43f4da: 1a02 c690 |00af: const-string v2, "https://idpcvs.vauxhall.co.uk/am/oauth2/authorize" // string@90c6

[vineethktpla]

Yes you are right.
Now I get peugeot link, but it still shows this error while trying to access
{ "error": "redirect_uri_mismatch", "error_description": "The redirection URI provided does not match a pre-registered value." }

[0x3dlux]

Oha. The "op" in "mymop" stands for Opel then I guess 😅 🤦
So let's pass the brand_code into the URL too...

[vineethktpla]

Oha. The "op" in "mymop" stands for Opel then I guess 😅 🤦 So let's pass the brand_code into the URL too...

This worked for me, Thanks :-)

However, I have no idea how to incorporate this in to HA

[bbr111]

Got this error 3 hours after first setup.

OTP Pin is received. But when entered got this message.
in config.jscon "remote_refresh_token": null,

2024-02-07 22:01:57,870 :: ERROR :: Error during activation: {'newversion': None, 'newversionurl': None, 'err': 'NOK:ACCESS'}
2024-02-07 22:01:57,872 :: ERROR :: Can't refresh remote token
Traceback (most recent call last):
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/RemoteClient.py", line 155, in _refresh_remote_token
self.manager.refresh_token_now()
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/common/utils.py", line 23, in wrapper
raise RateLimitException
psa_car_controller.common.utils.RateLimitException

[0x3dlux]

RateLimitException seems pretty self-explanatory. Looks like you retried the SMS-step too many times in a too short period of time. Pretty sure each SMS costs Stellantis a cent or two so it makes sense that the rate limits are very thight there.

This "remote_refresh_token": null seems kind of odd too. Did you remove both token lines from the config.json? You should've set them to an empty string, like remote_refresh_token: ""

[vineethktpla]

Got this error 3 hours after first setup.

OTP Pin is received. But when entered got this message. in config.jscon "remote_refresh_token": null,

2024-02-07 22:01:57,870 :: ERROR :: Error during activation: {'newversion': None, 'newversionurl': None, 'err': 'NOK:ACCESS'} 2024-02-07 22:01:57,872 :: ERROR :: Can't refresh remote token Traceback (most recent call last): File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/RemoteClient.py", line 155, in _refresh_remote_token self.manager.refresh_token_now() File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/common/utils.py", line 23, in wrapper raise RateLimitException psa_car_controller.common.utils.RateLimitException

I get pretty much the same errors in HA, while trying for remote functions.
But if we set refresh token to empty string, it wont read anything in HA

[youradds]

Thanks for your work on this :)

I updated all the codes from here (I believe), but when booting I get:

sudo -u car python3 /usr/local/bin/psa-car-controller -f /home/car/psa/config.json -c /home/car/psa/charge_config.json
2024-02-09 08:59:10,002 :: INFO :: App version 3.3.1
2024-02-09 08:59:10,149 DEBUG Starting new HTTPS connection (1): idpcvs.vauxhall.co.uk:443
send: b'POST /am/oauth2/access_token HTTP/1.1\r\nHost: idpcvs.vauxhall.co.uk\r\nUser-Agent: python-requests/2.31.0\r\nAccept-Encoding: gzip, deflate, br\r\nAccept: */*\r\nConnection: keep-alive\r\nAuthorization: Basic Og==\r\nContent-Length: 45\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n'
send: b'grant_type=refresh_token&scope=openid+profile'
reply: 'HTTP/1.1 401 Unauthorized\r\n'
header: Strict-Transport-Security: max-age=16070400;includeSubDomains
header: X-Frame-Options: SAMEORIGIN
header: X-Content-Type-Options: nosniff
header: X-XSS-Protection: 1; mode=block
header: Cache-Control: no-store
header: Date: Fri, 09 Feb 2024 08:59:10 GMT
header: Accept-Ranges: bytes
header: Vary: Accept-Charset, Accept-Encoding, Accept-Language, Accept
header: WWW-Authenticate: Basic realm="/clientsB2CVauxhall"
header: Pragma: no-cache
header: Content-Type: application/json
header: Set-Cookie: BIGipServerBE_IDPCLI_CVS_PROD_HTTPS_VIRTUAL.app~BE_IDPCLI_CVS_PROD_HTTPS_VIRTUAL_pool=177242122.47873.0000; path=/; Httponly; Secure
header: Set-Cookie: PSACountry=US; Domain=.vauxhall.co.uk; Path=/
header: Connection: close
header: Content-Encoding: gzip
2024-02-09 08:59:10,297 DEBUG https://idpcvs.vauxhall.co.uk:443 "POST /am/oauth2/access_token HTTP/1.1" 401 None
2024-02-09 08:59:10,299 :: ERROR :: Connection need to be updated, Please redo authentication process.
Traceback (most recent call last):
  File "/usr/local/bin/psa-car-controller", line 8, in <module>
    sys.exit(main())
  File "/home/car/.local/lib/python3.10/site-packages/psa_car_controller/__main__.py", line 20, in main
    app.load_app()
  File "/home/car/.local/lib/python3.10/site-packages/psa_car_controller/psacc/application/car_controller.py", line 121, in load_app
    raise ConnectionError
ConnectionError
2024-02-09 08:59:10,318 :: INFO :: save config change

my config.json:

{
    "abrp": {
        "abrp_enable_vin": [],
        "token": ""
    },
    "client_id": "",
    "client_secret": "",
    "co2_signal_api": null,
    "country_code": "GB",
    "customer_id": "",
    "proxies": {
        "http": "",
        "https": ""
    },
    "realm": "clientsB2CVauxhall",
    "refresh_token": null,
    "remote_refresh_token": "",
    "weather_api": null
}

[0x3dlux]

2024-02-09 08:59:10,297 DEBUG https://idpcvs.vauxhall.co.uk:443 "POST /am/oauth2/access_token HTTP/1.1" 401 None
2024-02-09 08:59:10,299 :: ERROR :: Connection need to be updated, Please redo authentication process.

Did you delete the otp.bin and launch with --web-conf?

[youradds]

2024-02-09 08:59:10,297 DEBUG https://idpcvs.vauxhall.co.uk:443 "POST /am/oauth2/access_token HTTP/1.1" 401 None
2024-02-09 08:59:10,299 :: ERROR :: Connection need to be updated, Please redo authentication process.

Did you delete the otp.bin and launch with --web-conf?

Ah that would be the step I missed. However, I go to the login URL provided in the console. Log in, and then when logging in Dev Tools in FF (also tried Chrome), I'm struggling to see where the mymXX-code should be? Is it a specific XHR request? Or one of the responses, with a value passed along? I get a ton of crappy JS errors. ... but thats just poor coding from Vauxhall it seems :/ (for example: Uncaught ReferenceError: ttq is not defined)

[0x3dlux]

It's the (invalid-to-a-browser mymXX://) URL that you'll be redirected to when you click "OK" in the last step.

[youradds]

Ah sweet - managed to get that going now :) The main stuff seems to work, but pre-conditioning gives this error:

2024-02-09 10:13:50,853 DEBUG https://idpcvs.vauxhall.co.uk:443 "POST /am/oauth2/access_token HTTP/1.1" 200 None
2024-02-09 10:13:50,856 :: ERROR :: remote_refresh_token isn't defined
2024-02-09 10:13:50,858 :: ERROR :: Exception on /preconditioning/VXKUHZKXZL4183607/1 [GET]
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1455, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 869, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 867, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 852, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
  File "/home/car/.local/lib/python3.10/site-packages/psa_car_controller/web/view/api.py", line 84, in preconditioning
    return jsonify(APP.myp.remote_client.preconditioning(vin, activate))
  File "/home/car/.local/lib/python3.10/site-packages/psa_car_controller/psa/RemoteClient.py", line 250, in preconditioning
    self.publish(msg)
  File "/home/car/.local/lib/python3.10/site-packages/psa_car_controller/psa/RemoteClient.py", line 138, in publish
    self._refresh_remote_token()
  File "/home/car/.local/lib/python3.10/site-packages/psa_car_controller/psa/RemoteClient.py", line 173, in _refresh_remote_token
    otp_code = self.get_otp_code()
  File "/home/car/.local/lib/python3.10/site-packages/psa_car_controller/common/utils.py", line 17, in wrapper
    return func(*args, **kwargs)
  File "/home/car/.local/lib/python3.10/site-packages/psa_car_controller/psa/RemoteClient.py", line 193, in get_otp_code
    otp_code = self.otp.get_otp_code()
AttributeError: 'NoneType' object has no attribute 'get_otp_code'

[bbr111]

RateLimitException seems pretty self-explanatory. Looks like you retried the SMS-step too many times in a too short period of time. Pretty sure each SMS costs Stellantis a cent or two so it makes sense that the rate limits are very thight there.

This "remote_refresh_token": null seems kind of odd too. Did you remove both token lines from the config.json? You should've set them to an empty string, like remote_refresh_token: ""

no, i just removed the values.
I'll try to take the process from the begin with verifing just cleared values.

[bbr111]

It looks like there is a problem it the remote_refresh_token
it is set to "" when is start the program.
after entering the extracted 32-digits from opel it is set to null

2024-02-11 19:19:39,328 :: ERROR :: can't refresh_remote_token: {'error_description': "Missing parameter, 'refresh_token'", 'error': 'invalid_request', 'refresh_token': ''}

But refresh_token is not empty in my config file.

OTP is not working
2024-02-11 19:19:40,423 :: ERROR :: Error during activation: {'err': 'NOK:FORBIDDEN'}
2024-02-11 19:19:40,424 :: ERROR :: start_remote_control failed redo otp config

and Opel Login page is french, even if german or DE ist set in language setting.

[vineethktpla]

It looks like there is a problem it the remote_refresh_token it is set to "" when is start the program. after entering the extracted 32-digits from opel it is set to null

2024-02-11 19:19:39,328 :: ERROR :: can't refresh_remote_token: {'error_description': "Missing parameter, 'refresh_token'", 'error': 'invalid_request', 'refresh_token': ''}

But refresh_token is not empty in my config file.

OTP is not working 2024-02-11 19:19:40,423 :: ERROR :: Error during activation: {'err': 'NOK:FORBIDDEN'} 2024-02-11 19:19:40,424 :: ERROR :: start_remote_control failed redo otp config

and Opel Login page is french, even if german or DE ist set in language setting.

'http://m.inwebo.com/', 'err': 'NOK:FORBIDDEN'}
Your psa account is locked because you makes 20 sms activation. To unlock do this :

Install on a smartphone mypeugeot, myopel etc, depending on your car brand
If the application is already installed uninstall and reinstall
You should be asked to give your credentials
Connect and test remote control, it should say that you need to reset your account
If the remote control work on your smartphone it will work with psa_car_controller

[bbr111]

@vineethktpla Thanks

Uninstall and Reinstall the app on mobile and setting new pin solved the problem.

[flobz]

Thanks for your help. I will do some reworks and then merge it on master.

[gernot-h]

@flobz, great to see you've picked that up!!

For the time being, until this is merged into master, let me add deep links here to the instructions how to get it to work in standalone installs as well as in HA:

• standalone: Change to the PSA API - Internal Error 400 #733 (comment)
• HA: Change to the PSA API - Internal Error 400 #733 (comment) and following

[PaddyRu]

Hi "mymop" seems to work for Opel, I have a car from peugeot and get the redirect_uri as "mymap://oauth2redirect/fr" so "ap" instead of "op" in case of Opel and it doesn't seem to work.
I looked into dev tools and found a warning in the console stating "prevented navigation to https://idpcvs.peugeot.com/am/oauth2/authorize?... due to an unknown protocol", I don't know if it has anything to do with this mymap/mymop/... but maybe?

[PaddyRu]

Hi "mymop" seems to work for Opel, I have a car from peugeot and get the redirect_uri as "mymap://oauth2redirect/fr" so "ap" instead of "op" in case of Opel and it doesn't seem to work. I looked into dev tools and found a warning in the console stating "prevented navigation to https://idpcvs.peugeot.com/am/oauth2/authorize?... due to an unknown protocol", I don't know if it has anything to do with this mymap/mymop/... but maybe?

The error was raised in Firefox, with Chrome it works!