Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Accomodate for Stellantis' Jan 23 OAuth changes #754

Merged
merged 13 commits into from
Feb 19, 2024
Merged

Conversation

planck-aw
Copy link

Still one manual step involved during setup but at least the error 500 is gone.

…p involved during setup but at least the error 500 is gone)
@planck-aw
Copy link
Author

Fixes #733

@planck-aw planck-aw closed this Feb 6, 2024
@planck-aw planck-aw reopened this Feb 6, 2024
@@ -28,7 +28,7 @@
"program3": {"day": [0, 0, 0, 0, 0, 0, 0], "hour": 34, "minute": 7, "on": 0},
"program4": {"day": [0, 0, 0, 0, 0, 0, 0], "hour": 34, "minute": 7, "on": 0}
}
AUTHORIZE_SERVICE = "https://api.mpsa.com/api/connectedcar/v2/oauth/authorize"
AUTHORIZE_SERVICE = "https://idpcvs.opel.com/am/oauth2/authorize"

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Has this change been tested for other brands?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For lack of test accounts: no. Stellantis seems to be doing all kinds of crazy OAuth proxying internally so maybe if we're lucky the endpoints can just be used interchangeably. I found the original URL from the Android app's logcat output, the others I just found them in classes4.dex so I just made AUTHORIZE_SERVICE a dict too.

classes4.dex.txt:43f3a0: 1a02 bd90 |0012: const-string v2, "https://idpcvs.driveds.com/am/oauth2/authorize" // string@90bd
classes4.dex.txt:43f3ec: 1a02 c390 |0038: const-string v2, "https://idpcvs.peugeot.com/am/oauth2/authorize" // string@90c3
classes4.dex.txt:43f438: 1a02 ba90 |005e: const-string v2, "https://idpcvs.citroen.com/am/oauth2/authorize" // string@90ba
classes4.dex.txt:43f488: 1a02 c090 |0086: const-string v2, "https://idpcvs.opel.com/am/oauth2/authorize" // string@90c0
classes4.dex.txt:43f4da: 1a02 c690 |00af: const-string v2, "https://idpcvs.vauxhall.co.uk/am/oauth2/authorize" // string@90c6

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes you are right.
Now I get peugeot link, but it still shows this error while trying to access
{ "error": "redirect_uri_mismatch", "error_description": "The redirection URI provided does not match a pre-registered value." }

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oha. The "op" in "mymop" stands for Opel then I guess 😅 🤦
So let's pass the brand_code into the URL too...

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oha. The "op" in "mymop" stands for Opel then I guess 😅 🤦 So let's pass the brand_code into the URL too...

This worked for me, Thanks :-)

However, I have no idea how to incorporate this in to HA

@bbr111
Copy link

bbr111 commented Feb 7, 2024

Got this error 3 hours after first setup.

OTP Pin is received. But when entered got this message.
in config.jscon "remote_refresh_token": null,

2024-02-07 22:01:57,870 :: ERROR :: Error during activation: {'newversion': None, 'newversionurl': None, 'err': 'NOK:ACCESS'}
2024-02-07 22:01:57,872 :: ERROR :: Can't refresh remote token
Traceback (most recent call last):
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/RemoteClient.py", line 155, in _refresh_remote_token
self.manager.refresh_token_now()
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/common/utils.py", line 23, in wrapper
raise RateLimitException
psa_car_controller.common.utils.RateLimitException

@0x3dlux
Copy link
Contributor

0x3dlux commented Feb 8, 2024

RateLimitException seems pretty self-explanatory. Looks like you retried the SMS-step too many times in a too short period of time. Pretty sure each SMS costs Stellantis a cent or two so it makes sense that the rate limits are very thight there.

This "remote_refresh_token": null seems kind of odd too. Did you remove both token lines from the config.json? You should've set them to an empty string, like remote_refresh_token: ""

@vineethktpla
Copy link

Got this error 3 hours after first setup.

OTP Pin is received. But when entered got this message. in config.jscon "remote_refresh_token": null,

2024-02-07 22:01:57,870 :: ERROR :: Error during activation: {'newversion': None, 'newversionurl': None, 'err': 'NOK:ACCESS'} 2024-02-07 22:01:57,872 :: ERROR :: Can't refresh remote token Traceback (most recent call last): File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/RemoteClient.py", line 155, in _refresh_remote_token self.manager.refresh_token_now() File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/common/utils.py", line 23, in wrapper raise RateLimitException psa_car_controller.common.utils.RateLimitException

I get pretty much the same errors in HA, while trying for remote functions.
But if we set refresh token to empty string, it wont read anything in HA

@youradds
Copy link

youradds commented Feb 9, 2024

Thanks for your work on this :)

I updated all the codes from here (I believe), but when booting I get:

sudo -u car python3 /usr/local/bin/psa-car-controller -f /home/car/psa/config.json -c /home/car/psa/charge_config.json
2024-02-09 08:59:10,002 :: INFO :: App version 3.3.1
2024-02-09 08:59:10,149 DEBUG Starting new HTTPS connection (1): idpcvs.vauxhall.co.uk:443
send: b'POST /am/oauth2/access_token HTTP/1.1\r\nHost: idpcvs.vauxhall.co.uk\r\nUser-Agent: python-requests/2.31.0\r\nAccept-Encoding: gzip, deflate, br\r\nAccept: */*\r\nConnection: keep-alive\r\nAuthorization: Basic Og==\r\nContent-Length: 45\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n'
send: b'grant_type=refresh_token&scope=openid+profile'
reply: 'HTTP/1.1 401 Unauthorized\r\n'
header: Strict-Transport-Security: max-age=16070400;includeSubDomains
header: X-Frame-Options: SAMEORIGIN
header: X-Content-Type-Options: nosniff
header: X-XSS-Protection: 1; mode=block
header: Cache-Control: no-store
header: Date: Fri, 09 Feb 2024 08:59:10 GMT
header: Accept-Ranges: bytes
header: Vary: Accept-Charset, Accept-Encoding, Accept-Language, Accept
header: WWW-Authenticate: Basic realm="/clientsB2CVauxhall"
header: Pragma: no-cache
header: Content-Type: application/json
header: Set-Cookie: BIGipServerBE_IDPCLI_CVS_PROD_HTTPS_VIRTUAL.app~BE_IDPCLI_CVS_PROD_HTTPS_VIRTUAL_pool=177242122.47873.0000; path=/; Httponly; Secure
header: Set-Cookie: PSACountry=US; Domain=.vauxhall.co.uk; Path=/
header: Connection: close
header: Content-Encoding: gzip
2024-02-09 08:59:10,297 DEBUG https://idpcvs.vauxhall.co.uk:443 "POST /am/oauth2/access_token HTTP/1.1" 401 None
2024-02-09 08:59:10,299 :: ERROR :: Connection need to be updated, Please redo authentication process.
Traceback (most recent call last):
  File "/usr/local/bin/psa-car-controller", line 8, in <module>
    sys.exit(main())
  File "/home/car/.local/lib/python3.10/site-packages/psa_car_controller/__main__.py", line 20, in main
    app.load_app()
  File "/home/car/.local/lib/python3.10/site-packages/psa_car_controller/psacc/application/car_controller.py", line 121, in load_app
    raise ConnectionError
ConnectionError
2024-02-09 08:59:10,318 :: INFO :: save config change

my config.json:

{
    "abrp": {
        "abrp_enable_vin": [],
        "token": ""
    },
    "client_id": "",
    "client_secret": "",
    "co2_signal_api": null,
    "country_code": "GB",
    "customer_id": "",
    "proxies": {
        "http": "",
        "https": ""
    },
    "realm": "clientsB2CVauxhall",
    "refresh_token": null,
    "remote_refresh_token": "",
    "weather_api": null
}

@0x3dlux
Copy link
Contributor

0x3dlux commented Feb 9, 2024

2024-02-09 08:59:10,297 DEBUG https://idpcvs.vauxhall.co.uk:443 "POST /am/oauth2/access_token HTTP/1.1" 401 None
2024-02-09 08:59:10,299 :: ERROR :: Connection need to be updated, Please redo authentication process.

Did you delete the otp.bin and launch with --web-conf?

@youradds
Copy link

youradds commented Feb 9, 2024

2024-02-09 08:59:10,297 DEBUG https://idpcvs.vauxhall.co.uk:443 "POST /am/oauth2/access_token HTTP/1.1" 401 None
2024-02-09 08:59:10,299 :: ERROR :: Connection need to be updated, Please redo authentication process.

Did you delete the otp.bin and launch with --web-conf?

Ah that would be the step I missed. However, I go to the login URL provided in the console. Log in, and then when logging in Dev Tools in FF (also tried Chrome), I'm struggling to see where the mymXX-code should be? Is it a specific XHR request? Or one of the responses, with a value passed along? I get a ton of crappy JS errors. ... but thats just poor coding from Vauxhall it seems :/ (for example: Uncaught ReferenceError: ttq is not defined)

@0x3dlux
Copy link
Contributor

0x3dlux commented Feb 9, 2024

It's the (invalid-to-a-browser mymXX://) URL that you'll be redirected to when you click "OK" in the last step.

image

@youradds
Copy link

youradds commented Feb 9, 2024

Ah sweet - managed to get that going now :) The main stuff seems to work, but pre-conditioning gives this error:

2024-02-09 10:13:50,853 DEBUG https://idpcvs.vauxhall.co.uk:443 "POST /am/oauth2/access_token HTTP/1.1" 200 None
2024-02-09 10:13:50,856 :: ERROR :: remote_refresh_token isn't defined
2024-02-09 10:13:50,858 :: ERROR :: Exception on /preconditioning/VXKUHZKXZL4183607/1 [GET]
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1455, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 869, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 867, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 852, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
  File "/home/car/.local/lib/python3.10/site-packages/psa_car_controller/web/view/api.py", line 84, in preconditioning
    return jsonify(APP.myp.remote_client.preconditioning(vin, activate))
  File "/home/car/.local/lib/python3.10/site-packages/psa_car_controller/psa/RemoteClient.py", line 250, in preconditioning
    self.publish(msg)
  File "/home/car/.local/lib/python3.10/site-packages/psa_car_controller/psa/RemoteClient.py", line 138, in publish
    self._refresh_remote_token()
  File "/home/car/.local/lib/python3.10/site-packages/psa_car_controller/psa/RemoteClient.py", line 173, in _refresh_remote_token
    otp_code = self.get_otp_code()
  File "/home/car/.local/lib/python3.10/site-packages/psa_car_controller/common/utils.py", line 17, in wrapper
    return func(*args, **kwargs)
  File "/home/car/.local/lib/python3.10/site-packages/psa_car_controller/psa/RemoteClient.py", line 193, in get_otp_code
    otp_code = self.otp.get_otp_code()
AttributeError: 'NoneType' object has no attribute 'get_otp_code'

@bbr111
Copy link

bbr111 commented Feb 11, 2024

RateLimitException seems pretty self-explanatory. Looks like you retried the SMS-step too many times in a too short period of time. Pretty sure each SMS costs Stellantis a cent or two so it makes sense that the rate limits are very thight there.

This "remote_refresh_token": null seems kind of odd too. Did you remove both token lines from the config.json? You should've set them to an empty string, like remote_refresh_token: ""

no, i just removed the values.
I'll try to take the process from the begin with verifing just cleared values.

@bbr111
Copy link

bbr111 commented Feb 11, 2024

It looks like there is a problem it the remote_refresh_token
it is set to "" when is start the program.
after entering the extracted 32-digits from opel it is set to null

2024-02-11 19:19:39,328 :: ERROR :: can't refresh_remote_token: {'error_description': "Missing parameter, 'refresh_token'", 'error': 'invalid_request', 'refresh_token': ''}

But refresh_token is not empty in my config file.

OTP is not working
2024-02-11 19:19:40,423 :: ERROR :: Error during activation: {'err': 'NOK:FORBIDDEN'}
2024-02-11 19:19:40,424 :: ERROR :: start_remote_control failed redo otp config

and Opel Login page is french, even if german or DE ist set in language setting.

@vineethktpla
Copy link

It looks like there is a problem it the remote_refresh_token it is set to "" when is start the program. after entering the extracted 32-digits from opel it is set to null

2024-02-11 19:19:39,328 :: ERROR :: can't refresh_remote_token: {'error_description': "Missing parameter, 'refresh_token'", 'error': 'invalid_request', 'refresh_token': ''}

But refresh_token is not empty in my config file.

OTP is not working 2024-02-11 19:19:40,423 :: ERROR :: Error during activation: {'err': 'NOK:FORBIDDEN'} 2024-02-11 19:19:40,424 :: ERROR :: start_remote_control failed redo otp config

and Opel Login page is french, even if german or DE ist set in language setting.

'http://m.inwebo.com/', 'err': 'NOK:FORBIDDEN'}
Your psa account is locked because you makes 20 sms activation. To unlock do this :

Install on a smartphone mypeugeot, myopel etc, depending on your car brand
If the application is already installed uninstall and reinstall
You should be asked to give your credentials
Connect and test remote control, it should say that you need to reset your account
If the remote control work on your smartphone it will work with psa_car_controller

@bbr111
Copy link

bbr111 commented Feb 11, 2024

@vineethktpla Thanks

Uninstall and Reinstall the app on mobile and setting new pin solved the problem.

gernot-h and others added 2 commits February 15, 2024 21:58
This fixes psacc crashing with:
TypeError: Client.__init__() missing 1 required positional argument: 'callback_api_version'

paho-mqtt 2.0, released on Feb, 10th, requires additional
arguments to mqtt.Client(), see
https://github.com/eclipse/paho.mqtt.python/blob/v2.0.0/docs/migrations.rst.
So stay with 1.x for now.
fix: stay with paho-mqtt 1.x due to breaking change in 2.0
@flobz flobz changed the base branch from master to fix/oauth2 February 19, 2024 07:08
@flobz
Copy link
Owner

flobz commented Feb 19, 2024

Thanks for your help. I will do some reworks and then merge it on master.

@flobz flobz merged commit 35a5ea5 into flobz:fix/oauth2 Feb 19, 2024
1 of 2 checks passed
@gernot-h
Copy link
Contributor

gernot-h commented Feb 21, 2024

@flobz, great to see you've picked that up!!

For the time being, until this is merged into master, let me add deep links here to the instructions how to get it to work in standalone installs as well as in HA:

@PaddyRu
Copy link

PaddyRu commented Feb 24, 2024

Hi "mymop" seems to work for Opel, I have a car from peugeot and get the redirect_uri as "mymap://oauth2redirect/fr" so "ap" instead of "op" in case of Opel and it doesn't seem to work.
I looked into dev tools and found a warning in the console stating "prevented navigation to https://idpcvs.peugeot.com/am/oauth2/authorize?... due to an unknown protocol", I don't know if it has anything to do with this mymap/mymop/... but maybe?

@PaddyRu
Copy link

PaddyRu commented Feb 24, 2024

Hi "mymop" seems to work for Opel, I have a car from peugeot and get the redirect_uri as "mymap://oauth2redirect/fr" so "ap" instead of "op" in case of Opel and it doesn't seem to work. I looked into dev tools and found a warning in the console stating "prevented navigation to https://idpcvs.peugeot.com/am/oauth2/authorize?... due to an unknown protocol", I don't know if it has anything to do with this mymap/mymop/... but maybe?

The error was raised in Firefox, with Chrome it works!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

9 participants